Sign Authenticode files with Visual Studio using KSP library
Visual Studio is an Integrated Development Environment (IDE) for software development on the Windows platform. It provides a user-friendly interface for writing, compiling, testing, and debugging code. Visual Studio supports multiple programming languages, including C++, C#, Visual Basic, and more.
Follow these instructions to sign with Visual Studio and securely reference your private key stored in DigiCert® KeyLocker.
Tip
Strong name signing is not supported via Visual Studio. Refer to Sign strong name assemblies with SignTool.
Prerequisites
Windows operating system
Visual Studio
Download and configure DigiCert® KeyLocker client tools
Certificate requirements
While Visual Studio allows all publicly trusted certificates, private trust certificates need to meet the following requirements:
Key usage
This parameter defines what the certificate may be used for. Set this parameter to Digital Signature for self-signing certificates.
Text extension
This parameter includes settings for the following extensions:
Table 1. Text extension constraints
Constraints
Description
Extended Key Usage (EKU)
This extension indicates additional purposes for which the certified public key may be used.
For self-signing certificates, this parameter should include the extension string "2.5.29.37={text}1.3.6.1.5.5.7.3.3", which indicates that the certificate will be used for code signing.
Basic constraints
This extension indicates whether or not the certificate is a Certificate Authority (CA).
For self-signing certificates, this parameter should include the extension string "2.5.29.19={text}", which indicates that the certificate is an end entity (not a CA).
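One way to check that a private trust certificate meets the requirements above before you sign with it. This PowerShell is an added example, not DigiCert's own code; the function name Test-CodeSigningCertRequirements and the sample subject are assumptions, and the throwaway certificate it creates locally is constructed test input, not a KeyLocker-backed certificate.

```powershell
# Added example: reports whether a certificate satisfies the key usage, EKU and
# basic constraints requirements listed above. The function name is hypothetical.
function Test-CodeSigningCertRequirements {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $ext = $Certificate.Extensions

    # Key usage: the Digital Signature bit must be set.
    $ku = $ext | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $digitalSignature = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    $hasDigitalSignature = [bool]($ku -and $ku.KeyUsages.HasFlag($digitalSignature))

    # Extended Key Usage (2.5.29.37): must list the code signing OID.
    $eku = $ext | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasCodeSigning = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.3'))

    # Basic constraints (2.5.29.19): extension present and not marked as a CA.
    $bc = $ext | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    $isEndEntity = [bool]($bc -and -not $bc.CertificateAuthority)

    [pscustomobject]@{
        Subject             = $Certificate.Subject
        HasDigitalSignature = $hasDigitalSignature
        HasCodeSigningEku   = $hasCodeSigning
        IsEndEntity         = $isEndEntity
        MeetsRequirements   = $hasDigitalSignature -and $hasCodeSigning -and $isEndEntity
    }
}

# Constructed sample input: a throwaway self-signed certificate built with the
# extension strings quoted above. The subject name is a placeholder.
$cert = New-SelfSignedCertificate -Type Custom -Subject 'CN=Example Code Signing Test' `
    -KeyUsage DigitalSignature -CertStoreLocation 'Cert:\CurrentUser\My' `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.3', '2.5.29.19={text}')
try {
    Test-CodeSigningCertRequirements -Certificate $cert | Format-List
} finally {
    # Remove the test certificate and its locally generated key.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
}
```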
Configure environment variables
Visual Studio needs access to your private key stored in DigiCert® KeyLocker to enable signing. To make this possible, you need to provide your DigiCert ONE host, API key, and client authentication certificate and password using one of the methods below:
Configure Visual Studio
The Visual Studio configuration procedure depends on how you configured your environment variables in the previous step: