PDA

View Full Version : Digitally Sign OCI using Smart Card



jrydzy
01-29-2009, 09:40 AM
I am deploying an InstallShield 2008 Installscript OCI application for the DOD and I am expected to digitally sign the code using a DOD issued code signing CAC (smart card). I am able to sign the ocx, exe, and dll files with the CAC using the signcode wizard that allows me to pick the CAC code signing certificate from my windows store.

The problem I am running into is that I still need to sign the OCI header file (data1.hdr). From what I've read the only way to sign this type of file is to use the InstallShield built isign.exe application. However it appears that the isign.exe application only allows you to sign files using file based private keys. With a CAC the private key cannot be extracted from the card so I cannot create a file based keystore, you have to access the card directly to do the signing.

Is there a way to use a smart card private key with isign.exe? Is there another application that I can use to sign an hdr file? Is this functionality available in a newer release of InstallShield?

Any help on this would be greatly appreciated. Thanks in advance.