PAD(R) - Provided by the Association of Software Professionals

PAD(R) is the Portable Application Description, and it helps authors provide product descriptions and specifications to online sources in a standard way, using a standard data format that will allow webmasters and software application librarians to automate app listings. PAD provides a complete content solution for application developers and the webmasters of software catalogs and directories.

PAD Overview -> Specification Resources -> Digital Signature

PAD Signing and Verification Tools

Digital signatures for PAD files.

The tools and techniques described and made available here are intended to allow the user to sign, and verify PAD files, and also to verify the backwards compatibility of the resulting signed PAD files with current PAD file editors and download sites. The methods used are based on well vetted cryptographic algorithms and W3C XMLDSIG standards.

Digital keys used for PAD signing.

This implementation allows the use of .pvk private keys and .spc certificates commonly acquired by software providers for code signing purposes using Microsoft code signing tools. Consequently these files are formatted according to Microsoft specific standards that are not well documented. Tools and a method are given for converting these to the PKCS12 standard format predominantly used in public key cryptography.

Getting the tools

This example assumes that you will be creating a dedicated folder for PAD signing purposes and will be copying all tools, dlls, keys, and certificates to it. Other possible arrangements are left up to the reader. Presently the host OS is assumed to be Windows but all the tools except pvkimprt.exe were created in standard C code that uses GPL licensed support libraries. Care was taken to avoid Windows dependencies so that future implementations can support other OS such as those more typically used in download site servers.

To convert commercial keys and certificates to X509 formats you will need the Pvkimprt.exe Utility freely provided by Microsoft. Run the self extracting archive extracting the setup (also called pvkimprt.exe) to a temporary folder. You can then run the setup to install the executable (also called pvkimprt.exe!) to your pad signing folder.

Now, download the PAD Signing Tools. Unzip all of the files to your PAD signing folder.

Step by step instructions

What follows are step by step instruction on how to sign and verify your PAD files. These examples assume your company name is widgetsco and that your PAD file is named after your product superwidget. Even if digital signing is a relatively straightforward procedure, some find it intimidating the first time. By following the examples below and taking care to note the filenames used you can easily succeed in signing your PAD files.



Visit the official ASP Download Site for free trial versions of our members' great software


ASP Newsgroups
ASP Discounts
ASPects Newsletter
ASP Shareware Guide
Microsoft BizSpark
Shape the Industry

This Web Site and all contents are Copyright© 1996-2008 by Association of Software Professionals, Inc. All Rights Reserved Privacy Statement