File : how2sign.txt History: Daniel Sie, 3-Jan-2001 Here is a brief description about how to sign capicom.dll, 1. Check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll, and replace with the FREE build version from VBL release \binaries.x86fre\presign directory. 2. Check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.pdb, and replace with the FREE build version from VBL release \binaries.x86fre\symbols\presign\dll directory. 3. Use a virus checking tool to run on dlls and symbol files (I use Cheyenne Innoculan), see http://prslab. 4. Test signing capicom.dll as follows: - copy %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll to a local directory of your choice - copy all the files from "\\prslab\tools\IE4Tools" to the above same local directory (xcopy \\prslab\tools\IE4Tools\* /s) - follow the instruction in ReadMe.txt you just copied to test sign capicom.dll - make sure signing test succeeded 5. Create a signing request at http://prslab/codesign/tool.htm. You need two co-signers to sign up the request. It seems prs web auto email doesn't work sometimes so you should consider sending an email including the request # by yourself to notify the co-signers. 6. Wait for an email from prslab about signing. Again you should consider to check the request web site once a day because prslab auto email doesn't work well. 7. Once the signing is done, do the following: - check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.dll - go to http://prslab/codesign/tool.htm to download the signed capicom.dll - replace the checked out version with the signed copy - run chktrust.exe to make sure it is properly signed and trusted 8. From %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386, do the following to check for matching symbols, - symchk .\capicom /s . - ntsd regsvr32 .\capicom.dll - sxeld (in ntsd) - g (repeat in ntsd until you see capicom.dll is loaded from the current directory) - x capicom!* (to see if you can load symbols) 9. sd submit should have the following 3 files, - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.dll - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.pdb 10. Currently we don't ship the CAB file, however, ff a CAB file is required for distribution, you can follow something similar to this process to sign the cab file. You can use MAKECAB.CMD from %_NTBINDIR%\ds\security\cryptoapi\pki\activex\capicom\release directory to create the cab file.