Signing + Tagging

<< Click to Display Table of Contents >>

RayPack > 7.3 u6 > User Guide > Settings 

Signing + Tagging

 

finger1

Tip:

See the Advanced section for detailed instructions on how to obtain or generate a certificate that can be used to configure these settings.

 

This screen is used to configure the default signing profile.

Settings_PackageSigning_Complete

RayPack supports three different methods

 

Signing with a certificate stored in a password-protected PFX file

Signing with a certificate whose private key information is protected by a hardware cryptography module.

Signing with a certificate created using the Device Guard Signing Service.

 

PFX File Data

 

Digital certificate file (PFX)

Please use the BROWSE button to define the path to the PFX file that has to be used for package signing. As an alternative, it is possible to type the path manually if logical path references, such as UNC path definitions, are required due to environment architecture reasons.

The certificate file must be available for successful package signing during package build procedures.

 

Certificate

Please use the BROWSE button to define the path to the certificate. As an alternative, it is possible to type the path manually If logical path references, such as UNC path definitions, are required due to environment architecture reasons.

The path to the certificate is optional, it does not have to be given for package signing during build procedures.

 

Password

Please enter the password connected to the given certificate.

The password must be available for successful package signing during package build procedures.

 

Hardware Cryptography Module Data

 

Certificate

The certificate name, for example "My High-Value Certificate"

 

Device Guard

Infrastructure-less signing with Device Guard Signing Service (DGSS) has been added in this release. In order to get started, visit the updated Signing + tagging tab, and perform a one-time sign-in with AzureAD credentials with a user that has necessary signing permissions configured in the Microsoft Store for Business Portal. After that, the packages can be signed with a certificate, for which the root certificate can be downloaded from Microsoft Store for Business.

 

package-signing

 

For more information about package signing, refer to the signtool documentation:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa388170(v=vs.85).aspx

 

Timestamp Server

Defines whether a timestamp server has to be used during signing. If a timestamp server is used, an internet connection is required to sign the package. This option is available for all three methods.

 

Timestamp server

Select the timestamp server to use from the dropdown box. To not use a timestamp server, select the Do not use timestamp server option. The following options are available:

Do not use timestamp server.

http://timestamp.digicert.com

http://timestamp.globalsign.com/tsa/r6advanced1

http://sha256timestamp.ws.symantec.com/sha256/timestamp

http://time.certum.pl

http://timestamp.entrust.net/TSS/RFC3161sha2TS

 

Digest algorithm

This option is used to choose the digest algorithm that will be used. The following options are available:

sha1

sha256

sha384

sha512

 

Use the Test timestamp server with chosen digest algorithm link located below the dropdown box to ensure that the chosen server supports the selected algorithm.

 

 

Software Identification Tag

RayPack provides an easy way to create an ISO/IEC 19770-2:2009 compatible tag for the purpose of software inventory. By default, the tags are generated for projects built (RPP / MSI / MST) and saved (MSI / MST) by PackDesigner module.

 

Create ISO/IEC 19770-2:2009 tags for MSI packages

Specifies whether the software tags are created. Untick the switch to disable creation of software tags.

 

Require Software Entitlement

Enable this option if the license compliance software should to try to check whether the current user is entitled to have this software installed on his machine.

 

Tag Creator Name

The name of the tag creator

 

Tag Creator ID

The registration ID identifying the software creator. It has to follow the regid pattern (see below)

 

Software Creator Name

The name of the tag creator

 

Software Creator ID

The registration ID identifying the software creator. It has to follow the regid pattern (see below)

 

Software Licensor Name

The name of the software licensor

 

Software Licensor ID

The registration ID identifying the software licensor. It has to follow the regid pattern (see below)

 

 

Regid pattern

The registration identifier is a string used to identify the entity. It uses the following format:

 

regid.YYYY-MM.reversedDomainName,division_optional

 

for example:

 

regid.2015-07.reversedDomainName,division_optional

 

papercliper

Note:

RayPack validates the input in regid fields and displays a red icon next to it if the text is not valid.