Just wondering if mvba can be signed without SDK? If yes, any steps or guide would be greatly appreciated. I created a personal cert using power shell and tried the Digital Signature tool in VBA ide, but no luck:
Best regards,
Tuan Le
Hi Tuan,
Tuan Le said: I created a personal cert using power shell
can you share steps (or link to a used workflow) how you created the certificate?
Tuan Le said:but no luck
What Windows tells about your certificate? Is it displayed in installed certificates?
Regards,
Jan
Bentley Accredited Developer: iTwin Platform - AssociateLabyrinth Technology | dev.notes() | cad.point
Turned out I stuffed up the spec of the cert Jan. Didn't set it as codesigning cert. Regenerate the cert with below string and it seems to work:
New-SelfSignedCertificate -subject "Bentley Developer Support" -type codesigningcert -certstorelocation cert:\currentuser\my
Well, spoke too soon. Certificate found, but can't be used for signing:
After further testing, mvba can be signed in SS10. file is attached. But:
In SS10, signed mvba can't be loaded if ms_security_level > low. Expected cut off level is medium
In CE, mvba cannot be signed using self cert in vba ide. But, mvba signed using SS10 can be loaded if ms_security_level <= low. But, once loaded, CE crashes if Digital Signature tool is run in vba ide.
If someone can provide a definitive guide to properly sign mvba outside of SDK, that would be greatly appreciated.
signed_SS10.mvba
Tuan Le said:If someone can provide a definitive guide to sign mvba outside of SDK, that would be greatly appreciated.
I think it will "have to happen" anyway, because in MicroStation CE U16, all MVBA macros will have to be signed. So to provide necessary tools and clear description by Bentley is mandatory (and e.g. to include signing tool into standard installation).
Well, with that source has been unpublished, I'm sort of holding my breath that somehow it won't actually be happening.
Tuan Le said:Well, with that source has been unpublished
In-progress version U16 documentation was available (not publicly) at docs.bentley.com, but it's not now.
Tuan Le said:I'm sort of holding my breath that somehow it won't actually be happening.
It's was mentioned in "What's new in U16" chapter. More people found this information, see e.g. this discussion. So I guess it will happen for sure.
From security perspective it makes sense, because it's not very difficult to modify MVBA file to do something different than author coded.
Hi, TuanWould You please explain me how did you resolved this problem ? At this moment I'm right on this step as You( when certificate is created , founded , but can't sign.
It's still unfixed, even Bentley's dev facing the same issue with their own mvbasign.exe
But how did You signed Your mvba file (signed_SS10.mvba)?