• State Not Answered
  • Replies 1 reply
  • Subscribers 31 subscribers
  • Views 289 views
  • Users 0 members are here

[Connect Update 15 C++] Signing plugin

Grace Wong
Offline

Hello,

Not familiar of how to go about an signing or (signing in general ) the plugin since I noticed in some of the .mke, there a comment regarding DLM_NO_SIGN whereby # only for test apps; any delivered app MUST be signed.

I read "Sign MicroStation MDL Applications" ( communities.bentley.com/.../sign-microstation-mdl-applicationsand) and
it mentioned the tool rsign.exe, dllsign.exe, and checksignature. I was under the impression that is located in the bin directory of the SDK but apparently can't find them.

1. Is the above document still relevant? If so where should I look for rsign.exe, dllsign.exe, checksignature.
2. If not relevant, how do I go about signing the plugin?

Additional info, not sure if relevant.
1. Currently i'm using an external batch file to sign the .dll. ( After signing, I right-click on the .dll and under "Digital Signatures" tab, I can see my company's certificate ).
if I have external batch file that runs after bmake and sign the dll, do I need to do anything with the DLM_NO_SIGN variable in the .mke file i.e. ( just leave it as 1 ) ?
2. How to deal with the .ma file if using external batch file. Do I need to sign it at all?

Thanks,
Ian

Parents
  • 0 Online

    Hi Ian,

    at first: as Bob explained in this former discussion, you should use own user profile, not the profile of somebody else. I am not sure whether it's required explicitly in BE Communities / Bentley rules, but from other discussion and community webs I know it's often treated as rules violation when somebody else identity is used.

    Grace Wong said:
    I was under the impression that is located in the bin directory of the SDK but apparently can't find them.

    It's correct only partially. You have to distinguish between signing Bentley-specifci files (like .ma) and general dll files:

    • .ma is Bentley specific format and has to be signed using tool(s) delivered by Bentley. It seems to be defect, because rsign is mentioned both in MicroStation and SDK documentation (BTW your link does not work), but it's not delivered in neither MicroStation nor SDK installation. I guess should be able to check it.
    • .dll (regardless native code or managed assemblies) are Windows standard files and are signed using standard Microsoft tools (dllsign.exe), delivered with Microsoft SDKs (e.g. in Visual Studio installation). It can be easily discovered, when you will check how signToolExe macro is defined in signrscsdefs.mki.
    Grace Wong said:
    if I have external batch file that runs after bmake and sign the dll, do I need to do anything with the DLM_NO_SIGN variable in the .mke file i.e. ( just leave it as 1 ) ?

    It sounds you do not understand fully how code signing (dll files) works: When it's signed by any tool, it's enough, no reason to repeat the process again (when the same signature is to be applied). Another situation is when one file has to be signed by more signatures: In such case the signing tool has to be used repeatedly.

    Grace Wong said:
    2. How to deal with the .ma file if using external batch file. Do I need to sign it at all?

    I think yes, you should, because both .ma and .dll should be signed to be trusted.

    Your external script should call rsign tool (but it's missing), even when I would prefer to configure make file properly to do it, because it's well prepared to do it.

    Regards,

      Jan

    Bentley Accredited Developer: iTwin Platform - Associate
    Labyrinth Technology  |  dev.notes()  |  cad.point

Reply
  • 0 Online

    Hi Ian,

    at first: as Bob explained in this former discussion, you should use own user profile, not the profile of somebody else. I am not sure whether it's required explicitly in BE Communities / Bentley rules, but from other discussion and community webs I know it's often treated as rules violation when somebody else identity is used.

    Grace Wong said:
    I was under the impression that is located in the bin directory of the SDK but apparently can't find them.

    It's correct only partially. You have to distinguish between signing Bentley-specifci files (like .ma) and general dll files:

    • .ma is Bentley specific format and has to be signed using tool(s) delivered by Bentley. It seems to be defect, because rsign is mentioned both in MicroStation and SDK documentation (BTW your link does not work), but it's not delivered in neither MicroStation nor SDK installation. I guess should be able to check it.
    • .dll (regardless native code or managed assemblies) are Windows standard files and are signed using standard Microsoft tools (dllsign.exe), delivered with Microsoft SDKs (e.g. in Visual Studio installation). It can be easily discovered, when you will check how signToolExe macro is defined in signrscsdefs.mki.
    Grace Wong said:
    if I have external batch file that runs after bmake and sign the dll, do I need to do anything with the DLM_NO_SIGN variable in the .mke file i.e. ( just leave it as 1 ) ?

    It sounds you do not understand fully how code signing (dll files) works: When it's signed by any tool, it's enough, no reason to repeat the process again (when the same signature is to be applied). Another situation is when one file has to be signed by more signatures: In such case the signing tool has to be used repeatedly.

    Grace Wong said:
    2. How to deal with the .ma file if using external batch file. Do I need to sign it at all?

    I think yes, you should, because both .ma and .dll should be signed to be trusted.

    Your external script should call rsign tool (but it's missing), even when I would prefer to configure make file properly to do it, because it's well prepared to do it.

    Regards,

      Jan

    Bentley Accredited Developer: iTwin Platform - Associate
    Labyrinth Technology  |  dev.notes()  |  cad.point

Children
No Data
Communities
Support and Services
Training and Learning
Social Media