Digital signing tools (such as SignTool.exe, X2NetSignCode.exe, etc.) can be used to digitally sing your executable. Digital signing process is also known as code signing. You will need some code signing tool, digital certificate and a internet connection on the build machine.
Digital signature allows software developers to include information about themselves and their code with their software. It also prevent changes in executables:
|•||Content Source: End users can confirm that the software really comes from the publisher who signed it.|
|•||Content Integrity: End users can verify that the software has not been altered or corrupted since it was signed.|
Normally, digital signing tools do not have any special requirements on executable. Of course, you still need certificate and internet connection (for time-stamping), but executable can be anything. No debug information is required either. Hooks and run-time modifications are allowed without restrictions. The only possible issue: digital signing may conflict with EurekaLog's own integrity check (CRC calculations). Therefore, your actions to integrate with digital signing tools would be:
Example: automatically digitally sign executable on build
|1.|| Create or open the project.|
|2.|| Enable and configure EurekaLog.|
|3.|| Open EurekaLog project options:|
|4.|| Open build events page and place a call to digital signing tool to post-build event (success). Exact command line depends on your tool. Usually there should be argument to indicate certificate file(s), time-stamping service, password for private key, description of executable, and executable itself. You can use %_IDETarget% pseudo-variable to automatically point to final executable file.|
|•||Do not confuse post-build's success and failure events. You need to insert call to post-build success event, not into post-build failure event.|
|•||You may need to specify full file path for tool's .exe file (like C:\Tools\signtool.exe).|
|•||Do not forget about surrounding double quotes for files with spaces in path.|
|•||Delphi/C++ Builder 2007+ also have build events. Do not place call to signing tool to IDE's build events. Build events of IDE are executed as part of compilation - thus, IDE's post-build event will fire before EurekaLog will be able to do its post-processing. This means that EurekaLog's post-processing will modify executable and break digital signature. Therefore, you should use EurekaLog's post-build events to call signing tool only after compilation and post-processing.|
|•||It's not strictly necessary to disable "Check file for corruption" option. This option uses standard CRC checksum field in PE header. Normally digital signing process will update this field to reflect changes. However, even though this option still may work after signing - it may be not needed, because this work will be done by OS loader when checking digital signature on load. On the other hand, default configuration of OS allows running executable with broken digital signature, so you may want to keep "Check file for corruption" option turned on.|
Build date: 2020-01-21
Last edited: 2018-06-14
The documentation team uses the feedback submitted to improve the EurekaLog documentation.
We do not use your e-mail address for any other purpose.
We will remove your e-mail address from our system after the issue you are reporting has been resolved.
While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback.
After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.
Permanent link to this article: https://www.eurekalog.com/help/eurekalog/external_digital_sign.php