Codesigning and embedding manifest



NewsArchive
08-29-2007, 01:53 AM
Hi Friedrich,

I have an exe that I need to codesign and embed manifest. Does it
make any difference in what order this is done? What I have now is:

#code-sign application ...
#embed Vista manifest...

Any thoughts?

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

NewsArchive
08-29-2007, 01:54 AM
Hi Friedrich,

>#code-sign application ...
>#embed Vista manifest...

Apparently it needs to be the other way around.

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com



NewsArchive
08-29-2007, 01:55 AM
Hi Arnór,

> I have an exe that I need to codesign and embed manifest. Does it
> make any difference in what order this is done? What I have now is:
>
> #code-sign application ...
> #embed Vista manifest...
>
> Any thoughts?

Yes, it does make a difference!! Vista manifest embedding modifies the
binary contents of a file. So if you code-sign first and then embed a
manifest, Authenticode will detect that the software has been altered or
corrupted since it was signed.

Please use:

#embed Vista manifest...
#code-sign application ...

Does this help?

Friedrich
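
Why the order matters, as an added example that is not part of the original thread or of SetupBuilder: the Authenticode digest covers the whole file except the CheckSum field, the Certificate Table directory entry and the appended signature blob, so attaching a signature leaves the digest unchanged while a later manifest embed does not. This is a simplified linear digest that assumes the signature sits at the end of the file; the PE skeleton, the `SIG` blob and all function names are constructed for illustration.

```python
import hashlib
import struct

def _skip_offsets(pe: bytes):
    """Return file offsets of the CheckSum field and the Certificate Table entry."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                              # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    return opt + 64, dirs + 4 * 8                  # CheckSum; data directory index 4

def authenticode_digest(pe: bytes) -> str:
    """SHA-256 over the file minus CheckSum, cert-table entry and cert table."""
    checksum, certdir = _skip_offsets(pe)
    cert_off, cert_size = struct.unpack_from("<II", pe, certdir)
    end = cert_off if cert_size else len(pe)
    h = hashlib.sha256()
    for chunk in (pe[:checksum], pe[checksum + 4:certdir], pe[certdir + 8:end]):
        h.update(chunk)
    return h.hexdigest()

def build_sample_pe(body: bytes) -> bytes:
    """Constructed, non-executable PE32 skeleton followed by section bytes."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)
    return bytes(hdr) + body

def attach_signature(pe: bytes, blob: bytes) -> bytes:
    """Append a placeholder signature blob and record it in the cert-table entry."""
    out = bytearray(pe + blob)
    struct.pack_into("<II", out, _skip_offsets(pe)[1], len(pe), len(blob))
    return bytes(out)

def embed_manifest(pe: bytes, manifest: bytes) -> bytes:
    """Stand-in for manifest embedding: rewrites bytes in the section area."""
    out = bytearray(pe)
    out[0x200:0x200 + len(manifest)] = manifest
    return bytes(out)

unsigned = build_sample_pe(b"\x90" * 256)          # digest of this is what gets signed
wrong_order = embed_manifest(attach_signature(unsigned, b"SIG"), b"<assembly/>")
right_order = attach_signature(embed_manifest(unsigned, b"<assembly/>"), b"SIG")
```

Comparing `authenticode_digest(wrong_order)` with `authenticode_digest(unsigned)` shows the mismatch a verifier reports when the manifest is embedded after signing.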

NewsArchive
08-29-2007, 01:56 AM
Hi Friedrich,

>Please use:
>
>#embed Vista manifest...
>#code-sign application ...
>
>Does this help?

Made perfect sense after some coffee<g>

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com



NewsArchive
08-29-2007, 01:57 AM
Arnor,

I have always manifested first, then code signed because I thought the code
signing used some kind of checksum on the file being signed to detect
post-distribution tampering. If you *embed* the manifest after code-signing it
seems like it would invalidate the signature.

However, if what you have now is working then my whole understanding is out the
window, just ignore me. :)

Actually I embed the manifest in Clarion and code-sign in SB.

Regards,
Kelly E Major

NewsArchive
08-29-2007, 01:59 AM
> Hi Friedrich,
>
> I have an exe that I need to codesign and embed manifest. Does it
> make any difference in what order this is done? What I have now is:
>
> #code-sign application ...
> #embed Vista manifest...

Arnór,

This is what I have been using successfully compiling in the SB65 IDE.

Just before create folders in Script Editor in SB install - this order:

1. embed Vista manifest
2. if you're using something like Armadillo to protect program, run your
batch file for the protection program
3. Code sign the program

Here are a couple of gotchas to watch out for:

If you Alt-Tab to another program while compiling in SB65 IDE, upon return
to SB65 IDE, the compile might hang up on the Code Sign Password prompt. Most
of the time, just enter the password, and you'll have a successful compile
- OR avoid switching to another program while compiling in SB65 IDE.

Armadillo - If you've recently compiled in Clarion, of course, the EXE is
going to be unprotected, and you can use a batch file within SB65 to
protect it as I have pointed out - embed Vista manifest - Armadillo batch
file protect, then code sign.

But if for some reason, you used the Armadillo interface - Classic or
Software Passport interface to protect the program (IN Testing a NEW SETUP)
(OUTSIDE the SB65 compile method I am suggesting) - then the Vista manifest
WON'T get embedded during the SB65 IDE compile method - so I sometimes run
an unprotect batch file - OUTSIDE the SB65 IDE to make sure the SB65 IDE
sequence - embed Vista manifest - Armadillo batch file protect, then code
sign - works properly.

David


--
From David Troxell - Product Scope 32 PRO - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/