Wednesday, June 29, 2011

How to create a certificate that can be used in the deployment of a LightSwitch program manually?

You need to use a program called MakeCert.exe to create a certificate that you can use while deploying a Microsoft LightSwitch Application.

You can access the file on your computer if you have Microsoft SDK. You can get the help files using command prompt as shown here,

C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin>makecert /?

This provides you with the description of necessary arguments to create a certificate.

For example for creating a certificate that can be used in the LightSwitch program which requires a code signing certificate the following command line arguments were used:

C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin>MakeCert -sky signature -r -n "CN=hodentek" -pe -a sha1 -len 2048 -ss My -s
r LocalMachine "LS2Tier.cer"

However, after running this program you may have to look on your local machine's certificate store where you will find the certificate. This needs to be exported so that it can be used in a LightSwitch Program when you publish(deploy) the application.

How to obtain a code signing certificate from a CA?

The following six steps helps you in getting a code signing certificate from Comodo CA. There are many others (VeriSign, DigiCode, etc). The author is not recommending this product but interested readers should read this and other similar resources for their code signing purposes. If the program such as LightSwitch Application has a certificate from CA then your users will be safe in assuming that the software has not been tampered when you install it. These steps are only for Comodo and you should look up similar information if you are using others.

The following steps are reproduced from the following site:

The Six Steps In Code Signing

These instructions provide an overview of obtaining and using Microsoft Authenticode and a Code Signing Digital ID from Comodo.

Step 1: Make Sure that you Are Running the Correct Versions of all Tools:

These include:

* Internet Explorer 4.0 or later
* Internet Client SDK

Step 2: Apply for a Code Signing ID for Authenticode from Comodo

In the process of applying for a Code Signing ID, your browser will generate a private key. You should store this private key (called MyPrivateKey.pvk) on a floppy disk, which is stored in a safe deposit box or other secure location. Please make a back-up copy of this private key, as you will need this key to sign code. This key is never sent to Comodo, so if you lose this private key, you will be unable to sign code. If this key is lost or stolen, please contact Comodo immediately.

Step 3: Pick up your Digital ID

Once you have completed the application process, Comodo will take a number of steps to verify your identity. For commercial publishers, Comodo does a considerable amount of background checking. As a result, it will take approximately 3-5 days to verify your information and issue a Digital ID.

At the end of this process, Comodo will send you an e-mail containing a PIN (Personal Identification Number). Follow the instructions in this e-mail to pick up your Digital ID. Save your Digital ID as a file (e.g. MyCredentials.spc).

Please note that you must use the same machine to apply for and obtain your Digital ID. You can then use the private key and Digital ID to sign files on a different machine.

Step 4: Prepare your Files to be Signed

If you are building any PE file (.exe, .ocx, .dll or other), you need not do anything special. For cab files, you need to add the following entry to your .ddf file before creating the cab file: Set ReservePerCabinetSize=6144

Step 5. Sign your Files

You can now sign your .exe, or .cab, .ocx, or .dll file. To sign, you will use the SIGNCODE.EXE utility included in the ActiveX SDK. You will also need your Digital ID file (generally called MyCredentials.spc) and the diskette containing your private key (MyPrivateKey.pvk).

As part of this process you will need to know the URL of Comodo's time stamping server, which is

Step 6: Test Your Signature

The Microsoft SDK contains a utility called chktrust.exe. This may be used to check your signature before distributing your file.

To test a signed .exe, .dll or .ocx file, run chktrust filename
To test a signed cab file, run chktrust -c

If your code signing process was OK, this will bring up a digital certificate. Congratulations, you have just digitally signed your file. When this file is downloaded from a Web site by Internet Explorer, it will display the same certificate to the user. If the file is tampered with in any way after it has been signed, the user will be notified and given the option of refusing installation.

Microsoft and Comodo are committed to making the Internet a secure and viable platform for commerce and the distribution of content through encryption and ssl certificates. With Authenticode and Comodo's Code Signing Digital IDs, your code will be as safe and trustworthy to your customers as it would be if you shrink-wrapped it and sold it off a store shelf.

Tuesday, June 28, 2011

Where can I find MakeCert.exe on my Windows 7 computer?

It is used to create a certificate file, a security measure taken to secure web sites, software codes etc.

You find it here

In C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin

or here

In C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin

Depending on which SDK version you have on your computer you will find in the above directories.

Sunday, June 5, 2011

What is a stored procedure?

Microsoft defines a stored procedure as follows:

A stored procedure is a group of Transact-SQL statements compiled into a single execution plan. You need a bunch of things to understand this.

Wikipedia describes it as follows:

A stored procedure is a subroutine available to applications accessing a relational database system. Stored procedures (sometimes called a proc, sproc, StoPro, StoredProc, or SP) are actually stored in the database data dictionary. This is somewhat simpler to understand.

What I plan to show you here is how a stored procedure is written and how you can use it. In a relational database system you would be using the data from a table or tables. Herein however, I will be explaining in very simple terms but still using the Microsoft SQL Server's database engine.

Example 1:

The first stored procedure is really simple. There are two steps to it. In the first step you create a stored procedure and in the second step you call it.

The stored procedure in this example just echos the value you call the stored procedure with.

1. Create stored procedure:

Create proc sumr @x int
select @x

1. Create proc sumr creates a stored procedure called sumr
2. Next you have to use an argument that you will be calling the procedure later and this is @x (a variable). You should specify what its data type is. Here we just say a variable x which is an integer
3. Now this procedure just displays the variable when called.

Important to note is the syntax, you must write it as shown in the code above.
When you run the above statements in the query designer of Microsoft SQL Server Management Studio(SSMS), the database engine creates the stored procedure and keeps it in its storage.

2. Run (Execute) the stored procedure:

This is very simple and goes like this,

Execute sumr 24

You can also use Exec or exec instead of Execute.

The result produced is 24. You call it with a value of 75 and the result will be 75.

Example 2

The next example is also simple. You might have learnt in elementary algebra an equation shown below:


We could write a stored procedure for this as shown below.

Create Proc sumr3 @x int, @y int
Select @x*@x+2*@x*@y+@y*@y

Here the name of the procedure is sumr3 and it takes two variables x and y and produces the value (x+y)^2

You run the above statement and create the stored procedure sumr3.

Now how do you call this stored procedure. Easy! You need to provide a value for x and a value for y while executing the procedure.

Here's how you call it,

Exec sumr3 3, 4

You are providing x=3 and y=4 and you are looking to find the value of (3+4)^2 .

Of course a database engine is not for doing algebra and this demo was to show that you create one or more placeholders(variables) and then create a simple or complex expression and the database engine stores this complex expression.

You call the expression by providing value for the placeholders and you get to evaluate the expression. It is to be noted that I am not using any data in the database except the stored procedure I created.