DLL digitally signed

joantopo · ‎01-07-2017

Hi all.

From Autodesk Exchange recommend putting a digital sign to the DLL.

I have no experience about this and I have read that we can do this directly from the project properties (Sign tab).

I have created a new *.pfx file (with password) as you can see in the following image:

The problem is when I am trying to debug or generate the release, then I get 4 errors about DLL of AutoCAD:

"Acdbmgd" as reference doesn´t have a secure name.

"AeccDbMgd" ..............................................

"Acmgd" .............................................

"accoremgd".

They are from AutoCAD 2017. (Obviously they are not as a "local copy").

How can I solve this to generate my app properly?

Thanks in advance.

Autocad C3D 2019 SP3, 2020 & 2021
Intel I9 9900K with frontal watercooler alphacool eisbaer 360 (original fans mounted in pull)- 3 fans Corsair 120 ML PRO in push.
MOBO Gygabyte Z390 Aorus Master- Corsair RGB Vengeance 64GB RAM (4x16) CL16
Nvidia Quadro RTX 4000
Samsung 970 EVO PLUS 1TB (unit C). Samsung 970 PRO 512GB (for data)
Power Supply: Corsair TX850M PLUS

Descubre mi programa VisorNET para Civil 3D:
https://apps.autodesk.com/CIV3D/es/Detail/Index?id=appstore.exchange.autodesk.com%3avisornet_windows32and64%3aes

joantopo · ‎01-07-2017

I am reading this:

https://knowledge.autodesk.com/support/revit-products/getting-started/caas/CloudHelp/cloudhelp/2017/...

Is about Revit but it is the same for C3D.

I don´t want to spend a lot of money for a digital certificate because I am not a professional programmer. Any recommendation about a good price to do this?

Autocad C3D 2019 SP3, 2020 & 2021
Intel I9 9900K with frontal watercooler alphacool eisbaer 360 (original fans mounted in pull)- 3 fans Corsair 120 ML PRO in push.
MOBO Gygabyte Z390 Aorus Master- Corsair RGB Vengeance 64GB RAM (4x16) CL16
Nvidia Quadro RTX 4000
Samsung 970 EVO PLUS 1TB (unit C). Samsung 970 PRO 512GB (for data)
Power Supply: Corsair TX850M PLUS

Descubre mi programa VisorNET para Civil 3D:
https://apps.autodesk.com/CIV3D/es/Detail/Index?id=appstore.exchange.autodesk.com%3avisornet_windows32and64%3aes

TerryDotson · ‎01-08-2017

I suppose a truly capable hacker with bad intentions could not steal or simulate a certificate?

The digital signature makes it look like it's something important but deep down is it really?

DotSoft: The Leading Developer
of AutoCAD Add-on Utilities

joantopo · ‎01-08-2017

Yes, but I don't know if the certificate is paying or not.

Web links such as simantec listed in the revit web and others are for paying.

For example, in my country, Spain, we can get a certification (pfx file) from the local administration.

This certification has a public and private key ( I supose also the digital signature), so I supose this certification is valid for our applications.

Autocad C3D 2019 SP3, 2020 & 2021
Intel I9 9900K with frontal watercooler alphacool eisbaer 360 (original fans mounted in pull)- 3 fans Corsair 120 ML PRO in push.
MOBO Gygabyte Z390 Aorus Master- Corsair RGB Vengeance 64GB RAM (4x16) CL16
Nvidia Quadro RTX 4000
Samsung 970 EVO PLUS 1TB (unit C). Samsung 970 PRO 512GB (for data)
Power Supply: Corsair TX850M PLUS

Descubre mi programa VisorNET para Civil 3D:
https://apps.autodesk.com/CIV3D/es/Detail/Index?id=appstore.exchange.autodesk.com%3avisornet_windows32and64%3aes

Virupaksha_aithal · ‎01-10-2017

Hi,

You need to use SignTool.exe to sign your modules. Please refer blog http://adndevblog.typepad.com/autocad/2015/01/adding-a-post-build-event-to-digitally-sign-a-binary-f... which shows how to setup auto signing after building your module.

You can also manually sign the dll using command line

Example : signtool sign /f <yourPfxfile> /p <password> <executablefile>

I hope this helps.

Virupaksha Aithal KM
Developer Technical Services
Autodesk Developer Network

Anonymous · ‎07-06-2017

I downloaded the digital signing tools and signed some DLLs apps that run in AutoCAD 2016.

In the properties window for each DLL, it shows a signature (Digital).

When a coworker loads these in their system and runs AutoCAD 2017, they get a warning that they were not signed.

Not sure if we absolutely need to "buy" an official Certificate.

(I used tools that I downloaded online to make ours.)

Virupaksha_aithal · ‎07-06-2017

HI,

Sorry, I am not clear by your statement “buy” an official certificate. From whom you bought the digital signature. Also, can you share the image of the properties tab of the signed dll? Below is the similar image at my end.

Virupaksha Aithal KM
Developer Technical Services
Autodesk Developer Network

Anonymous · ‎07-07-2017

Hi,

Here is the screen shot of one:

Virupaksha_aithal · ‎07-09-2017

Hi,

Looks like digital signature is not proper. Please refer issued to and issued by in your image. Please contact the digital signature vendor for this issue.

Virupaksha Aithal KM
Developer Technical Services
Autodesk Developer Network

Anonymous · ‎07-11-2017

I actually generated the certificate myself using instructions from various websites...

is there a problem with doing this? is it better to Purchase a certificate online instead?

tyronebk · ‎07-11-2017

If you are generating the certificates internally then you need to make sure the certificates are installed on all machines running your code. This includes both the certification authority and code signing certificate.

Purchasing a certificate online is easier but also, obviously, more expensive. It also makes it possible to share signed modules with external firms. That said, my firm makes do with self signed certificates where possible.

Community

DLL digitally signed

DLL digitally signed

DLL digitally signed