Monday, March 29, 2010

Silverlight 4 RC - XAP Signing for trusted applications

We think trusted applications (or elevated-privilege applications) will be a widely used feature for this release. We changed the install prompt dialog for trusted applications. These dialogs differ from the typical out-of-browser install prompt because the user needs to be given more information about the application. One key feature of a trusted application is the ability to code-sign the XAP file. Here’s a trusted application install prompt from an unsigned application:

Windows:

Unsigned trusted application on Windows

Mac OSX:

Unsigned trusted application on OSX

And here is one from a code-signed one:

Windows:

Signed trusted application on Windows

Mac OSX:

Signed trusted application on OSX

Which would you feel more comfortable installing? Notice that in signed applications your custom icon will show as well (even if you have the icon settings set up, they will not show if the app is unsigned). The process of code signing is very simple, and although I expect the tooling for Silverlight to improve on this, it is as simple as adding a post-build event task (or a task for automated builds) that uses signtool.exe (installed with Visual Studio) to sign the XAP. Here’s my post-build event task:

    rem Sign the XAP with the PFX certificate and timestamp the signature.
    "%ProgramFiles%\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /v ^
        /f c:\users\timheuer\documents\authenticode\timheuer.pfx ^
        /p "MYPASSWORD" ^
        /t TIMESTAMP_URI_FROM_PROVIDER $(TargetName).xap

The PFX file is an exported certificate that contains my private key and is password protected. You can acquire code-signing certificates (normal Authenticode ones) from providers. We were thankful to get assistance in testing this feature from the following providers who can provide you code-signing certificates for your organization:

All of the above provide Authenticode code-signing certificates and are trusted certificate authorities (CA) on Windows. A trusted CA means that their root certificates are already a part of Windows verification. The process of obtaining one is not instant so plan ahead. There is a specific organizational verification process that occurs which may require documentation of proof of the organization and a few phone calls. Once you have these certificates you will be on your way to providing even more trusted applications to your users.

NOTE: Thawte code-signing certificate requests should be made from a Windows XP machine as their current process does not support Windows Vista or Windows 7. If you use Vista/7 you will not be able to export to a PFX file for automated build or to have your certificate stored on other machines. Read each set of instructions carefully.

You can also sign your XAP using self-signed certificates. If you do so, it is likely that you are not a trusted CA on machines and would have to instruct your users further. In my opinion, it is better to acquire a trusted CA cert for external applications. Take a look at Jeff Wilcox’s epic post on Code Signing 101.

A special note on trusted applications…please read! If you want to take advantage of using the update features of Silverlight for your application (aka CheckAndDownloadUpdateAsync), then your application must be signed. If you do not sign your XAP for a trusted application it cannot auto-update. Self-signed works here too, but don’t get your application in a state where it cannot be updated automatically!
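
A stricter variant of the post-build signing step shown earlier, as an added example that is not from the original post: it reads the PFX path, password and timestamp URL from environment variables so the password stays out of the project file, and it fails the build when signing fails, since an unsigned trusted application cannot auto-update. The script name sign-xap.cmd and the variable names XAP_SIGN_PFX, XAP_SIGN_PASSWORD and XAP_TIMESTAMP_URL are assumptions.

```bat
@echo off
rem sign-xap.cmd (hypothetical name) - added example, not from the original post.
rem Post-build event:  call "$(ProjectDir)sign-xap.cmd" "$(TargetDir)$(TargetName).xap"
rem Assumed environment variables, set on the build machine only:
rem   XAP_SIGN_PFX       path to the exported PFX file
rem   XAP_SIGN_PASSWORD  PFX password (avoid the characters " and %)
rem   XAP_TIMESTAMP_URL  timestamp URL from your certificate provider
setlocal

set "SIGNTOOL=%ProgramFiles%\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe"
set "XAP=%~1"

rem Refuse to continue with anything missing rather than ship an unsigned XAP.
if "%XAP%"=="" set "ERR=usage: sign-xap.cmd path\to\app.xap" & goto fail
if not exist "%XAP%" set "ERR=XAP not found: %XAP%" & goto fail
if not exist "%SIGNTOOL%" set "ERR=signtool.exe not found: %SIGNTOOL%" & goto fail
if not defined XAP_SIGN_PFX set "ERR=XAP_SIGN_PFX is not set" & goto fail
if not exist "%XAP_SIGN_PFX%" set "ERR=PFX not found: %XAP_SIGN_PFX%" & goto fail
if not defined XAP_SIGN_PASSWORD set "ERR=XAP_SIGN_PASSWORD is not set" & goto fail
if not defined XAP_TIMESTAMP_URL set "ERR=XAP_TIMESTAMP_URL is not set" & goto fail

rem Same signtool options as the post-build task in the post: /v /f /p /t.
"%SIGNTOOL%" sign /v /f "%XAP_SIGN_PFX%" /p "%XAP_SIGN_PASSWORD%" ^
    /t "%XAP_TIMESTAMP_URL%" "%XAP%"

rem signtool exits with 0 only on success (1 = failure, 2 = warnings).
if not "%ERRORLEVEL%"=="0" set "ERR=signtool exited with code %ERRORLEVEL%" & goto fail

echo sign-xap: signed "%XAP%"
exit /b 0

:fail
rem A non-zero exit code makes the Visual Studio post-build event fail the build.
>&2 echo sign-xap: error: %ERR%
exit /b 1
```

The password still reaches signtool as a command-line argument, so limit who can log on to the build machine while builds run.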

You can view a video walk-through of XAP signing here.


Source : http://timheuer.com/blog/archive/2010/03/15/whats-new-in-silverlight-4-rc-mix10.aspx
