Author Message
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Hi,

My application requires strong signing. Is there a way I can get a strong signed version 10.1.0.11?

Thanks in advance,

Adam
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
I'm sorry, I don't know what that means. Can you give some more information?

Martin
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Code signing is a method of putting a digital signature on a program, file, software update or executable, so that its authenticity and integrity can be verified upon installation and execution. Like a wax seal, it guarantees to the recipient who the author is, and that it hasn't been opened and tampered with.

https://venafi.com/machine-identity-basics/what-is-code-signing/#:~:text=Code%20signing%20is%20a%20method,been%20opened%20and%20tampered%20with.

My application can't use your DLL because my employer requires that our executables be code signed for security reasons. If my application is code signed then it can't consume another DLL that is not code signed. This is something that whoever builds your DLL would have to do. Your previous 8.1.3 build was code signed.

C:\DevOps\BoldGroup.Avaya\Avaya 8.1.3 DMCC>sn -v ServiceProvider.dll

Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0
Copyright (c) Microsoft Corporation. All rights reserved.

Assembly 'ServiceProvider.dll' is valid

But 10.1.0.11 is not.

C:\DevOps\BoldGroup.Avaya\Avaya 10.1.0.11 DMCC>sn -v ServiceProvider.dll

Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0
Copyright (c) Microsoft Corporation. All rights reserved.

ServiceProvider.dll does not represent a strongly named assembly
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
OK, there is something similar for Java where a jar file can be signed.

I think you will need to sign the dll yourself. Google showed up a few links that gave instructions which looked plausible.

Martin
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
I would literally have to decompile your DLL and recompile it. Are you going to require every developer to have to do this? Please have your developers strong sign it like it should be. Looks like this was an oversite as every other version of your DMCC DLL has been strong name signed.

https://stackoverflow.com/questions/15459816/third-party-dll-does-not-have-strong-name
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Actually, I just noticed you have a newer version that what I had originally downloaded - and it is not strong name signed either. It is file version 10.1.0.140.
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
AdamEurich wrote: Looks like this was an oversite as every other version of your DMCC DLL has been strong name signed.

Are you sure about that? I have looked at several older versions and they don't seem to be signed.

Martin
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
I know 6.2.0.29 is and I just checked 8.1.3.89. Both are signed. I assumed that all before 8.1.3.89 were signed.
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Am I going to have to try to sign this or are you checking with someone there about signing it?
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
I am checking with the product house about this. I don't think it was intended to be unsigned.
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Thank you.
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
I'd like you use your latest 10.1.0.140 if possible.
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
You can download the latest version from https://www.devconnectprogram.com/site/global/products_resources/avaya_aura_application_enablement_services/releases/10_1_2/index.gsp#download-6

Martin
AdamEurich
Joined: Nov 8, 2013
Messages: 55
Offline
Just downloaded it and it's not signed either.
MartinFlynn
Joined: Nov 30, 2009
Messages: 1931
Online
I have opened a bug report for this - AES-31529.
Go to:   
Mobile view