Dotfuscator User's Guide
Authenticode Signing Assemblies

Authenticode signed assemblies are digitally signed by a code signing certificate issued by a trusted root certificate authority. This allows the operating system and runtime to determine the publisher of an application and to determine if the assembly has been altered after being signed. The signature is a hash encrypted with the private key of a code signing certificate. Both the signature and the public key are embedded in the assembly’s metadata.

Since Dotfuscator modifies the assembly, it is essential that Authenticode signing occur after running the assembly through Dotfuscator.

Dotfuscator handles this step as part of the obfuscation process.

Automatic Authenticode Signing after Obfuscation

As part of the build process, Dotfuscator performs Authenticode signing of output assemblies. You must tell Dotfuscator explicitly where to find the code signing certificate store, supplied as a PFX container, and optionally the password for that container.

Dotfuscator provides the ability for you to specify the URL of an Authenticode timestamp service when performing Authenticode signing. This URL will be accessed during Dotfuscator's signing process, and will provide additional data which will allow your assemblies' Authenticode signatures to remain valid after your code-signing certificate has expired.

The following example shows an XML configuration file fragment that performs Authenticode signing.

Authenticode Digital Signing
    <pfx password="secret123">
      <file dir="C:\test" name="authenticode.pfx" />
    </pfx>
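
Because signing happens after obfuscation, the signed output is worth checking before release. The PowerShell script below is an added example, not part of the Dotfuscator documentation or tooling. It confirms that each output assembly carries a valid Authenticode signature and a timestamp countersignature. The output directory path is an assumption; replace it with your own.

```powershell
# Added example, not Dotfuscator code. $OutputDir is a hypothetical path:
# point it at the directory Dotfuscator writes its output assemblies to.
param(
    [string]$OutputDir = 'C:\test\Dotfuscated'
)

$files = @(Get-ChildItem -Path $OutputDir -Recurse -File -Include *.dll, *.exe)
if ($files.Count -eq 0) {
    Write-Error "No assemblies found under $OutputDir"
    exit 1
}

$results = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # 'Valid' means a signature is present, the file hash matches it and the
    # certificate chain is trusted. 'HashMismatch' means the file was modified
    # after signing, e.g. signed before obfuscation instead of after.
    $problems = @()
    if ($sig.Status -ne 'Valid') {
        $problems += "status $($sig.Status)"
    }

    # Without a timestamp countersignature the signature stops validating
    # once the code-signing certificate expires.
    if ($sig.Status -ne 'NotSigned' -and -not $sig.TimeStamperCertificate) {
        $problems += 'no timestamp'
    }

    [pscustomobject]@{
        File        = $file.Name
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        CertExpires = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
        Problems    = $problems -join '; '
    }
}

$results | Format-Table -AutoSize

# Fail the build step if any assembly has a problem recorded.
$bad = @($results | Where-Object Problems)
if ($bad.Count -gt 0) {
    Write-Error "$($bad.Count) file(s) failed Authenticode checks"
    exit 1
}
```

Run as a post-build step, the non-zero exit code stops a release that contains unsigned, altered or untimestamped assemblies.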



© 2016 PreEmptive Solutions, LLC. All Rights Reserved.