File     : how2sign.txt
History: Daniel Sie, 3-Jan-2001

Here is a brief description about how to sign capicom.dll,

1. Check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll, and replace with 
    the FREE build version from VBL release \binaries.x86fre\presign directory.

2. Check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.pdb, and replace with 
    the FREE build version from VBL release \binaries.x86fre\symbols\presign\dll directory.

3. Use a virus checking tool to run on dlls and symbol files (I use Cheyenne Innoculan), see http://prslab.

4. Test signing capicom.dll as follows:

    - copy %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll to a local directory of your choice
    - copy all the files from "\\prslab\tools\IE4Tools" to the above same local directory (xcopy \\prslab\tools\IE4Tools\* /s)
    - follow the instruction in ReadMe.txt you just copied to test sign capicom.dll
    - make sure signing test succeeded

5. Create a signing request at http://prslab/codesign/tool.htm.  You need two co-signers to sign up the request. 
    It seems prs web auto email doesn't work sometimes so you should consider sending an email including the request # by 
    yourself to notify the co-signers.

6. Wait for an email from prslab about signing.  Again you should consider to check the request web site once a day because 
    prslab auto email doesn't work well.

7. Once the signing is done, do the following:

    - check out %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.dll
    - go to http://prslab/codesign/tool.htm to download the signed capicom.dll
    - replace the checked out version with the signed copy
    - run chktrust.exe to make sure it is properly signed and trusted

8. From %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386, do the following to check for matching symbols,

    - symchk .\capicom /s .
    - ntsd regsvr32 .\capicom.dll
    - sxeld (in ntsd)
    - g (repeat in ntsd until you see capicom.dll is loaded from the current directory) 
    - x capicom!* (to see if you can load symbols)

9. sd submit 

    should have the following 3 files,

    - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\presign\i386\capicom.dll
    - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.dll
    - %_NTBINDIR%\ds\security\cryptoapi\pki\activex\release\capicom\i386\capicom.pdb

10. Currently we don't ship the CAB file, however, ff a CAB file is required for distribution, you can follow something similar to this 
     process to sign the cab file. You can use MAKECAB.CMD from %_NTBINDIR%\ds\security\cryptoapi\pki\activex\capicom\release 
     directory to create the cab file.