Introduction
Digi-Sign is a simple program for digitally signing win32 images (Executables
and DLLs) together with a simple DLL and API for validating those
signatures. It is intended to provide a means of determining whether
an image has been modified in any way (i.e. hacked) since it was digitally
signed. This can be useful if you need to ensure the integrity of
your deployed files. The API is supported under both Visual C++ 6.0
and Visual Basic 6.0 and examples are provided.
What is it for?
Consider the following scenario. You build an application that consists
of an executable and a number of DLLs. The DLLs are critical to
your business model as they grant and release licenses to your applications.
In the world of hacking, the DLL is easily modified to always grant
licenses, and your revenue stream ceases. Your application needs
a means of determining whether the DLL has been modified since release.
This is the capability that Digi-Sign provides.
Installation and Compatibility
Digi-Sign requires the Microsoft VB runtime files. If they are not
installed on your system you should install them prior to
installing Digi-Sign (download available here). Digi-Sign signature
addition capabilities will only operate on Windows 2000, NT4, XP
and later operating systems. You cannot add signatures to images
on Windows 95, 98 and Me although the Digi-Sign signature checking
facilities should work.
Download
You can download the application (zip file) by clicking here (1162K).
How to use Digi-Sign
There are two things that you may want to do with Digi-Sign. These
are:
Digitally sign an image
Digi-Sign is intended to be simple to use in that the digital
signature is added to your files after they have been developed
(using C++ or VB). The digital signature is added with the Digi-Sign
HCI.

As you can see the user interface is very simple.
Select the file you want to sign and then press the sign button.
Any errors will be reported to you.
Check an image's digital signature to ensure the image is valid
Having signed your image you will want to check it at some point
in the future. The Digisign.dll provides the means to:
1. Check the existence of a digital signature in a file.
2. Read the digital signature within a file.
3. Compute the expected digital signature for a given file based
on the byte content of that file. If the computed signature does
not match the actual signature, the file has been modified since
it was originally signed.
Rather than try to explain how each of these operations
is performed, there are example projects for both Visual C++ 6.0
and Visual Basic 6.0 contained in this distribution. Take a look
at these to see how to use the API.
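The three operations listed above are sketched here as an added example; it is not part of the Digi-Sign distribution and does not use its API or file format. It assumes a constructed trailer (a marker followed by a tag, appended to the file) and uses a keyed HMAC-SHA-256 rather than the MD5 digest acknowledged below; every name, the key and the sample bytes are hypothetical.

```python
import hashlib
import hmac

MAGIC = b"DSIGDEMO"   # constructed marker, NOT Digi-Sign's real format
TAG_LEN = hashlib.sha256().digest_size
TRAILER_LEN = len(MAGIC) + TAG_LEN

def has_signature(image: bytes) -> bool:
    """Operation 1: does the file end with a signature trailer?"""
    return len(image) >= TRAILER_LEN and image[-TRAILER_LEN:-TAG_LEN] == MAGIC

def read_signature(image: bytes) -> bytes:
    """Operation 2: return the tag stored in the file."""
    if not has_signature(image):
        raise ValueError("image is not signed")
    return image[-TAG_LEN:]

def signed_content(image: bytes) -> bytes:
    """Bytes covered by the signature: everything except the trailer."""
    return image[:-TRAILER_LEN] if has_signature(image) else image

def compute_signature(image: bytes, key: bytes) -> bytes:
    """Operation 3: expected tag for the file's current byte content."""
    return hmac.new(key, signed_content(image), hashlib.sha256).digest()

def sign(image: bytes, key: bytes) -> bytes:
    """Append the trailer, replacing any existing one."""
    body = signed_content(image)
    return body + MAGIC + hmac.new(key, body, hashlib.sha256).digest()

def is_unmodified(image: bytes, key: bytes) -> bool:
    """True only if a signature is present and matches the computed one."""
    if not has_signature(image):
        return False  # a missing signature is a failure, never a pass
    return hmac.compare_digest(read_signature(image),
                               compute_signature(image, key))

# Constructed sample data standing in for a real image file.
KEY = b"constructed-demo-key"
ORIGINAL = b"MZ" + bytes(range(64))
SIGNED = sign(ORIGINAL, KEY)
PATCHED = SIGNED[:10] + bytes([SIGNED[10] ^ 0xFF]) + SIGNED[11:]  # one byte changed
STRIPPED = signed_content(SIGNED)                                # trailer removed

if __name__ == "__main__":
    for name, img in (("signed", SIGNED), ("patched", PATCHED), ("stripped", STRIPPED)):
        print(name, has_signature(img), is_unmodified(img, KEY))
```

The caller should treat an absent signature the same as a mismatch, as `is_unmodified` does; otherwise removing the trailer would pass the check.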
License
THIS PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NON-INFRINGEMENT. THE AUTHOR ASSUMES NO RESPONSIBILITY
FOR ERRORS IN THIS PROGRAM OR OTHER DOCUMENTS WHICH ARE REFERENCED
BY OR LINKED TO THIS PROGRAM.
REFERENCES TO CORPORATIONS OR INDIVIDUALS, THEIR SERVICES AND PRODUCTS,
ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF
ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION,
THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT
ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
PROGRAM.
IN OTHER WORDS YOU USE THIS PROGRAM ENTIRELY AT YOUR OWN
RISK.
Acknowledgements
Thanks to:
Barry S. Kyker for his help with Win32 Resources.
RSA Data Security, Inc. for their MD5 message digest algorithm.