Hi,
I need to sign .ma application. I read .ma application can be signed with rsign.exe.
But I didn't found rsign.exe in SDK location.
Where can I find rsign.exe to sign .ma file. Also heard rsign.exe is not delivered with MicroStation Connect SDK.
Suggest me how to sign .ma application using rsign.exe or any another approach.
Thanks in advance!
at first, please follow the best practices! To discuss any issue without knowing used version (to say "CE" is just not enough) can be confusing and inefficient.
kalyani Reddy said:Suggest me how to sign .ma application using rsign.exe
It's described e.g. in this wiki article (and I guess also somewhere in SDK documentation).
kalyani Reddy said:Also heard rsign.exe is not delivered with MicroStation Connect SDK.
It was (at least in V8i), but it is not in the current (CE Update 15) version. I am not sure about older CE SDK versions.
kalyani Reddy said:Where can I find rsign.exe to sign .ma file.
Bentley has to provide this tool, because .ma is proprietary Bentley format.
I do not know whether e.g. rsign.exe from V8i SDK can be used to sign CE .ma files?
Maybe Robert Hook can help?
Regards,
Jan
Bentley Accredited Developer: iTwin Platform - AssociateLabyrinth Technology | dev.notes() | cad.point
Jan Šlegr said:at first, please follow the best practices! To discuss any issue without knowing used version (to say "CE" is just not enough) can be confusing and inefficient.
My Apologies. Will follow the best practices.
Jan Šlegr said:It was (at least in V8i), but it is not in the current (CE Update 15) version. I am not sure about older CE SDK versions.
We are using CE update 10.
Jan Šlegr said:I do not know whether e.g. rsign.exe from V8i SDK can be used to sign CE .ma files?
Can you please suggest how to sign .ma file? rsign.exe does not exists with me as we didn't installed v8i.
Is there any other way to sign CE .ma file.
Thanks
kalyani Reddy said:Can you please suggest how to sign .ma file?
A .ma file for MicroStation CONNECT contains binary resource data: message lists, command tables etc.
.ma
Consequently, there's no value in signing a .ma file in CONNECT edition, because it contains no executable code. It's the companion DLL that you need to sign. The DLL is a Windows DLL, built using the compiler and linker provided by Viz Studio. If you want to sign it, then you can use other Windows tools, but those are not part of the MicroStation SDK.
In earlier (32-bit) versions of MicroStation, we could write MDL executable code that was stored in a .ma file. In the olden days, therefore, it made sense to sign a .ma file.
Regards, Jon Summers LA Solutions
Jon Summers said:Consequently, there's no value in signing a .ma file in CONNECT edition
I disagree.
I assume (but I do not test it) that MicroStation CE requires everything is signed, otherwise application cannot be loaded e.g. in high security mode.
And even without such requirement, the signature is the only proof that the file content was not changed. Otherwise you can (potentially) modify .ma to load another (infected malicious) dll files at background.
Jan Šlegr said:the signature is the only proof that the file content was not changed
I acknowledge your correction! But is there a mechanism to sign a resource file? Was rsign.exe ever used to sign a resource file?
rsign.exe
When building a DLL, the switch to sign it is specified with the DLM_NO_SIGN macro, which has nothing to do with the resource files.
DLM_NO_SIGN
I think you're right — we need a comment from Robert Hook.
Jon Summers said:But is there a mechanism to sign a resource file? Was rsign.exe ever used to sign a resource file?
Even when I did not use rsign in this way, it is possible. rsign represents itself as Microstation Resource File Signing Utility.
And even when .rsc is just static data structure, the signature tells who is author, so there is a benefit. E.g. in V8i, ustation.rsc is signed by 2 certificates.
Jon Summers said:It's the companion DLL that you need to sign
So, Jon as per you signing the DLL is fine and no need to sign .ma file?
Jan Šlegr said:I disagree.
Can you suggest the workflow to sign the .ma file.
kalyani Reddy said:Jon as per you signing the DLL is fine and no need to sign .ma file?
I do not quite understand why you ask Jon.
You want to sign your application for some reason. We do not know the reason. It can be because otherwise the application will be not loaded (because you configure MicroStation in such way) or you want to deliver the application in a professional way, where every file is digitally signed.
Depending what is your priority, you have to decide whether you need to sign .ma or not. Plus, it has to be tested with expected MicroStation configuration.
kalyani Reddy said:Can you suggest the workflow to sign the .ma file.
I think it was answered clearly and also described on the linked wiki page: To sign .ma, you need rsign.exe. When it's not available, .ma file cannot be signed (or at least, both me and Jon do not know such option).
So, as was discussed already too, the information how to obtain rsign.exe and whether it's necessary, can be provided by Bentley only.