|
在VS安装后发现路径**VC7\Common7\Tools\Bin\下有许多小工具,我对带有Cert的文件比较感兴趣。经过研究,发现是有关证书和签名的,当然,该证书未被证书认证机构认可。下面列出这些工具和我的使用心得。
1。Makecert.exe ---证书创建工具
2。Cert2Spc.exe ---发行者证书测试工具
3。Signcode.exe ---文件签名工具
面对其众多参数,我只好一一尝试。经过不断的创建,我已经能够做好证书的自我创建,子证书的创建,文件签名。嘿嘿,这下ActiveX控件的自动下载问题也算解决了一大半,有事没事就给自己编的小软件签个名又何妨?
建立自己的根证书:
makecert -sk myPK -ss myName -n "CN=LUO31工作室" -r c:\luo31.cer
sk-表示主题的密钥容器位置,ss-主题的证书存储名称, n-证书颁发对象,r-证书存储位置;
如果你需要导出私钥文件,请不要使用sk,而换作s,eg:makecert -ss myName -n "CN=LUO31工作室" -sv c:\luo31.pvk -r c:\luo31.cer
建立自根跟证书授权的子证书:
makecert -sk "myPK" -is myName -n "CN=luo31" -$ commercial -ic c:\luo31.cer c:\31.cer
sk-表示主题的密钥容器位置,is-颁发者的证书存储名称, n-证书颁发对象,ic-颁发者的证书存储位置,-$-授权范围(用于代码签名);
使用Cert2Spc生成spc发行者证书(可选):
cert2spc c:\31.cer c:\31.spc
使用signcode为你的程序,库或cab包签名:
双击signcode,或在控制台键入signcode,不带参数会启动签名向导。在第三步选择“自定义选项”,第四步选择“从文件选择”选择31.spc或31.cer,第五步选择“CSP中的私钥”,在密钥容器中选择我们定义的myPK,其他步骤默认即可,如果想添加时间戳,请在时间戳服务器地址上键入:(免费时间戳认证)http: //timestamp.verisign.com/scripts/timstamp.dll
完成后,观察你所签名的文件属性,应该已经添加数字签名项。
1. 下载数字签名工具
在m$的网站上下载:codesigningx86.exe 文件。解压缩
2. 使用VB的打包向导将主要使用的dll,ocx 文件等打包为 .cab 文件。
3. 使用说明
首先去MS的网站上下载CODESIGN.EXEP这个文件,这是个自解压文件,然后按以下示例做。
这四个工具在C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin也有
工具包包括以下几个软件:
makecert.exe 制作cer格式的证书,即X.509证书,同时可以创建私钥
cert2spc.exe 将cer格式证书转换成spc格式证书,即PKCS #7证书
signcode.exe 将证书签署到ocx上去
chktrust.exe 检查签署证书后的ocx是否正确
还有一个certmgr.exe,是管理证书用的。可以从这里面导出root.cer来,
网上很多文章写到这个证书,但是在VC的安装盘中却找不到。其实,没
有也没关系的。这几个软件可以从VC的安装盘中找到。
下面是具体的步骤:
1、创建一个自己的证书文件:
makecert /sv "Record.PVK" /n "CN=北京美髯公科技发展有限公司" dream.cer
这里,Record.PVK表示新创建的私人密钥保存文件名
DreamCaptial是你想显示的公司名
dream.cer是你创建最后的证书文件名
这些根据你自己的要求填写,最后得到Record.PVK和dream.cer两个文件。
其中,运行过程中需要输入私人密钥的保护密码,一定要输入一致,不要出错。
2、转换cer格式为spc格式(可以省略)
cert2spc dream.cer dream.spc
得到dream.spc文件。
3、给ocx进行签名
运行signcode,命令行的我没有试验通过,我是通过界面实现的。
signcode运行后会出现数字签名向导,首先选择你要签名的ocx,
下一步后会出现签名选项,一种是典型,一种是自定义。选择自定义,
这样才能从文件选择证书,选择前面制作的dream.spc,再下一步是
选择私钥文件,选择Record.PVK,输入私人密钥的保护密码,选择散
列算法,一般用md5就可以了,下一步是选择其他证书,直接下一步,
填写一下这个控件的声明,用户用ie浏览的时候,会弹出证书说明,
再下一步是加盖时间戳,我不会,直接下一步就完成了。
4、用chktrust检查是否正确
chktrust -v RecordProj.ocx
用下列批命令做证书
makecert -sv "denghan.pvk" -n "CN=KinSoft" test.cer
cert2spc test.cer test.spc
---------------------------------------------
用下列命令给CAB文件签名
signcode -spc test.spc -v denghan.pvk -n "这个是CAB数字签名" -t
''''添加时间戳
http://timestamp.verisign.com/scripts/timstamp.dll rx80.cab
rx80.CAB文件用rx80.inf的内容
[version]
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
test.dll=test.dll
rx80.inf=rx80.inf
[test.dll]
file=rx80.cab
RegisterServer=yes
clsid={7E0CDEE7-DC80-4F37-9410-790BB5E9270E}
DestDir=10
FileVersion=1,0,0,1
[rx80.inf]
file=rx80.cab
把这个CAB文件放到你的服务器上,用下列代码说明你的codebase,就会自动下载了。
<object classid="clsid:7E0CDEE7-DC80-4F37-9410-790BB5E9270E"
codebase="http://yourHostURL/rx80.cab#version=1,0,0,1" width="800" height="191">
...
4. 参考资料
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/dnaxctrl/html/msdn_deplactx.asp
http://www.verisign.com
预览该网页,会弹出提示框
http://support.microsoft.com/?kbid=182598
http://www.china-askpro.com/msg40/qa13.shtml
How To Implement IObjectSafety in Visual Basic Controls
View products that this article applies to.
Article ID
:
182598
Last Review
:
September 1, 2005
Revision
:
3.1
This article was previously published under Q182598
SUMMARY
This article describes how to implement the IObjectSafety interface in Visual Basic controls to mark the controls safe for scripting and initialization. By default, Visual Basic controls use component category entries in the registry to mark the control safe for scripting and initialization. Implementing the IObjectSafety interface is the preferred method. This article contains all the code that is required to implement this interface in Visual Basic controls.
Please keep in mind that a control should only be marked as safe if it is, in fact, safe. This article does not describe the details of marking controls as safe for scripting and initialization; it simply demonstrates how to do it in code. Please refer to the Internet Client Software Development Kit (SDK) documentation for a detailed description of this. See "Safe Initialization and Scripting for ActiveX Controls" under the Component Development section.
MORE INFORMATION
WARNING: One or more of the following functions are discussed in this article: VarPtr, VarPtrArray, VarPtrStringArray, StrPtr, and ObjPtr. These functions are not supported by Microsoft Technical Support. They are not documented in the Visual Basic documentation and are provided in this Knowledge Base article "as is." Microsoft does not guarantee that they will be available in future releases of Visual Basic. For additional information about these functions, click the article number below to view the article in the Microsoft Knowledge Base:
199824 (http://support.microsoft.com/kb/199824/EN-US/) How To Get the Address of Variables in Visual Basic
The following steps illustrate how to create a simple Visual Basic control and mark it safe for scripting and initialization.
1.
Create a new folder where you can save all files that you create in this example.
2.
Get the OLE Automation Type Library Generator from the Visual Basic CD-ROM. To do this, copy all four files from the \Common\Tools\VB\Unsupprt\Typlib\ folder to your project folder.
3.
Copy the following text into Notepad, and save the file in the project folder as Objsafe.odl:
[
uuid(C67830E0-D11D-11cf-BD80-00AA00575603),
helpstring("VB IObjectSafety Interface"),
version(1.0)
]
library IObjectSafetyTLB
{
importlib("stdole2.tlb");
[
uuid(CB5BDC81-93C1-11cf-8F20-00805F2CD064),
helpstring("IObjectSafety Interface"),
odl
]
interface IObjectSafety:IUnknown {
[helpstring("GetInterfaceSafetyOptions")]
HRESULT GetInterfaceSafetyOptions(
[in] long riid,
[in] long *pdwSupportedOptions,
[in] long *pdwEnabledOptions);
[helpstring("SetInterfaceSafetyOptions")]
HRESULT SetInterfaceSafetyOptions(
[in] long riid,
[in] long dwOptionsSetMask,
[in] long dwEnabledOptions);
}
}
4.
At a command prompt, use the CD <path> command to move to the project folder, and type the following command to generate a .tlb file:
MKTYPLIB objsafe.odl /tlb objsafe.tlb
5.
From Visual Basic, create an ActiveX Control project. In the Properties list, change the name of the project to IObjSafety and the name of the control to DemoCtl. Put a CommandButton named cmdTest on the control. In the Click event handler of the cmdTest, put a MsgBox "Test" statement.
6.
On the Project menu, click References, browse to and add Objsafe.tlb, which you created earlier.
7.
Add a new module to your project with the following code, and name the module basSafeCtl:
Option Explicit
Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
Public Const IID_IPersistStorage = _
"{0000010A-0000-0000-C000-000000000046}"
Public Const IID_IPersistStream = _
"{00000109-0000-0000-C000-000000000046}"
Public Const IID_IPersistPropertyBag = _
"{37D84F60-42CB-11CE-8135-00AA004BB851}"
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
Public Const E_NOINTERFACE = &H80004002
Public Const E_FAIL = &H80004005
Public Const MAX_GUIDLEN = 40
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
(pDest As Any, pSource As Any, ByVal ByteLen As Long)
Public Declare Function StringFromGUID2 Lib "ole32[1] [2] 下一页 | 
