Sorry, but I can't see the problem in the code above. What did you change to make the tool working on your large executable files?
Hi Achim,
the code is trying to load the whole executable into memory (array of bytes) which will fail if there's not enough memory available.
I've changed it to work with the file stream directly (see private Save method):
http://anonsvn.mono-project.com/
...odeFormatter.cs
Hello Tondrej,
Do you have any Delphi examples on signing and verifying a file or stream using windows cryptoapi? I'm a very new to this things.
If you don't have maybe you could just point me to a right direction.
Thanks.
Hi Chris,
an easy way is CAPICOM, more specifically ISignedCode interface:
procedure CodeSign(const FileName, PfxFileName: string; TimeStamp: Boolean; const TimeStampURL: string);
var
Signer: ISigner2;
SignedCode: ISignedCode;
begin
Signer := CoSigner.Create;
Signer.Load(PfxFileName, CodeSignPassword);
SignedCode := CoSignedCode.Create;
SignedCode.FileName := FileName;
SignedCode.Sign(Signer);
if TimeStamp then
SignedCode.Timestamp(TimeStampURL);
end;
procedure CodeSignVerify(const FileName: string; AllowUserPrompt: Boolean = False);
var
SignedCode: ISignedCode;
begin
SignedCode := CoSignedCode.Create;
SignedCode.FileName := FileName;
SignedCode.Verify(AllowUserPrompt);
end;
Look it up on MSDN, import the type library and then you can use it like in the above example.
HTH
Thanks for the suggestion. Is it possible to do signing and verifying on a file (e.g. xml) without using cert? I was planning maybe to generate a RSA signature key pair. I keep the private key to sign my xml file. And my program will have the public key embedded on client side to verify. Or can I embed the public key inside the xml file itself? The reason is I just don't want anyone to get a hand on the public key.
Any advice? Thanks in advance.
Commenting by HaloScan
