PAD(R) - Provided by the Association of Software Professionals
PAD(R) is the Portable Application Description, and it helps authors provide product descriptions and specifications to online sources in a standard way, using a standard data format that will allow webmasters and software application librarians to automate app listings. PAD provides a complete content solution for application developers and the webmasters of software catalogs and directories.
PAD Signing and Verification Tools
Digital signatures for PAD files.
The tools and techniques described and made available here are intended to allow
the user to sign, and verify PAD files, and also to verify the backwards compatibility of the resulting
signed PAD files with current PAD file editors and download sites. The methods used
are based on well vetted cryptographic algorithms and W3C XMLDSIG standards.
Digital keys used for PAD signing.
This implementation allows the use of .pvk private keys and .spc certificates
commonly acquired by software providers for code signing purposes using Microsoft
code signing tools. Consequently these files are formatted according to Microsoft
specific standards that are not well documented. Tools and a method are given for
converting these to the PKCS12 standard format predominantly used in public key
Getting the tools
This example assumes that you will be creating a dedicated folder for PAD signing
purposes and will be copying all tools, dlls, keys, and certificates to it. Other
possible arrangements are left up to the reader. Presently the host OS is assumed
to be Windows but all the tools except pvkimprt.exe were created in standard C code
that uses GPL licensed support libraries. Care was taken to avoid Windows dependencies
so that future implementations can support other OS such as those more typically
used in download site servers.
To convert commercial keys and certificates to X509 formats you will need the
Pvkimprt.exe Utility freely provided by Microsoft. Run the self extracting
archive extracting the setup (also called pvkimprt.exe) to a temporary folder.
You can then run the setup to install the executable (also called pvkimprt.exe!)
to your pad signing folder.
Now, download the PAD Signing Tools.
Unzip all of the files to your PAD signing folder.
Step by step instructions
What follows are step by step instruction on how to sign and verify your PAD files.
These examples assume your company name is widgetsco and that your PAD file is named
after your product superwidget. Even if digital signing is a relatively straightforward
procedure, some find it intimidating the first time. By following the examples below
and taking care to note the filenames used you can easily succeed in signing your PAD files.
Visit the official ASP Download Site for free trial versions of our members' great software
ASP Shareware Guide
Shape the Industry