PC SOFT

ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE

Home | Sign in | English EN
This content has been translated automatically. Click here to view the French version.
  • Overview
  • The certificates
  • Using the certificates to sign a file
  • Using the certificates to sign an email
WINDEV
WindowsLinuxUniversal Windows 10 AppJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac CatalystUniversal Windows 10 App
Others
Stored procedures
Overview
Signing a file allows you to check that the file was not modified or altered since it was signed. The signature also allows you to check the issuer identity.
By using the Windows certificates, WINDEV allows you to sign:
  • files or data strings.
  • emails.
  • Versions 18 and later
    executables.
    New in version 18
    executables.
    executables.
The signature standard used is PKCS7.
The certificates
Two types of certificates exist:
  • the "qualified" certificates.
  • the "non-qualified" certificates.
A "qualified" certificate is delivered by a trusted authority (Verisign, Thawte, ...) and it must be purchased in most cases. A "qualified" certificate is mainly used when the files are distributed outside the company or the organization. For example, files proposed for download.
A "non-qualified" certificate can be directly created by a user from Windows. A "non-qualified" certificate can be sufficient for an internal company or for an organization.
Windows includes a "certificate store" in which the user certificates (also called custom certificates) are installed.
Using the certificates to sign a file
To sign a file (or a character string), the WLanguage proposes:
The principle is as follows:
1. Select the certificate to use via the following functions:
CertificateListReturns the list of certificates available on the computer.
CertificateSelectOpens a window for selecting the certificates. The listed certificates are the certificates installed in the personal store.
The Certificate is stored in an Variable of type Certificate which allows to obtain all its characteristics.
2. Create the signature of file (or string) with the certificate. This signature is a buffer variable that can be stored for example: in a file, a variable, ...
The following WLanguage functions are used to create this signature:
CertificateSignFileCreates the signature of a file. This signature can be stored in a Buffer variable or in a text file.
CertificateSignStringCreates the signature of a character string.
Remark: The signature is not included in the file but it is available separately. This method allows you to create a signature for all the file formats.
3.To check the signature of a file, all you have to do is check the correspondence between the file and its signature. The following WLanguage functions are used to perform this operation:
CertificateCheckStringChecks the correspondence between a signature and a string.
Remarks:
  • Versions 18 and later
    You also have the ability to sign an executable via CertificateSignExecutable. In this case, the signature is included in the executable file.
    New in version 18
    You also have the ability to sign an executable via CertificateSignExecutable. In this case, the signature is included in the executable file.
    You also have the ability to sign an executable via CertificateSignExecutable. In this case, the signature is included in the executable file.
  • You also have the ability to sign and check the signature of duplicate files. For more details, see Printing duplicates.
Using the certificates to sign an email
Signing an email and its attachments allows you to check later that these elements have not been modified or altered since they were signed. The signature also allows you to check the issuer identity.
To sign an email, just specify the Certificate used in the properties of the Variable of type Email. The Variable of type Certificate containing the Certificate to be used is associated with the Certificate property of the Variable of type Email containing the Email to be sent.
The integrity check of a received Email is performed by testing the value of the Property Signature of the Variable of type Email containing the received Email.
Minimum version required
  • Version 16
This page is also available for…
Comments
Click [Add] to post a comment