(Created page with "== Mimicking WESign Functionality == The Window-Eyes [http://www.gwmicro.com/apps/wesign WESign] app provides app developers with the ability to create digitally signed content,...")
Newer edit →
Revision as of 13:44, 8 July 2011
Mimicking WESign Functionality
The Window-Eyes WESign app provides app developers with the ability to create digitally signed content, typically used with paid apps to validate serial numbers or other license criteria.
WESign employs the CAPICOM COM client to sign string data using a digital certificate. The process of signing content can be completed using two CAPICOM objects: Signer and SignedData.
CAPICOM.Signer
The Signer object is a container of signer information obtained from a digital certificate. A digital signature can be verified by a certificate authority or can be self-signed. For the purposes of signed content for apps, a self-signed certificate is acceptable. Information on creating a self-signed certificate can be found in the Creating Digitally Signed Content article.
To load certificate data into a Signer object, do the following:
Set Signer = CreateObject("CAPICOM.Signer")
Signer.Load "path\to\certificate", "password for certificate"
Once the Signer has loaded certificate data successfully it can be used with the SignedData object.
CAPICOM.SignedData
The SignedData object, among other things, is a container for digitally signed data, holding both the data and the certificate used for signing (obtained from the Signer object). To load and sign data, do the following:
Set SignedData = CreateObject("CAPICOM.SignedData")
SignedData.Content = "This is the text to be signed"
strSignedContent = SignedData.Sign(Signer)
The SignedData object also encodes the content using base64 encoding. The final signed, encoded content may look something like:
PT0gTWltaWNraW5nIFdFU2lnbiBGdW5jdGlvbmFsaXR5ID09DQoNClRoZSBXaW5kb3ctRXllcyBbaHR0cDovL3d3dy5nd21pY3JvLmNvbS9hcHBzL3dlc2lnbiBXRVNpZ25dIGFwcCBwcm92aWRlcyBhcHAgZGV2ZWxvcGVycyB3aXRoIHRoZSBhYmlsaXR5IHRvIGNyZWF0ZSBkaWdpdGFsbHkgc2lnbmVkIGNvbnRlbnQsIHR5cGljYWxseSB1c2VkIHdpdGggcGFpZCBhcHBzIHRvIHZhbGlkYXRlIHNlcmlhbCBudW1iZXJzIG9yIG90aGVyIGxpY2Vuc2UgY3JpdGVyaWEuDQoNCldFU2lnbiBlbXBsb3lzIHRoZSBbaHR0cDovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzc1NzMyKFZTLjg1KS5hc3B4IENBUElDT01dIENPTSBjbGllbnQgdG8gc2lnbiBzdHJpbmcgZGF0YSB1c2luZyBhIGRpZ2l0YWwgY2VydGlmaWNhdGUuIFRoZSBwcm9jZXNzIG9mIHNpZ25pbmcgY29udGVudCBjYW4gYmUgY29tcGxldGVkIHVzaW5nIHR3byBDQVBJQ09NIG9iamVjdHM6IF
A Window-Eyes app can use the verification process discussed in the Creating Digitally Signed Content article to validate the content, and act appropriately.
