Digitally signing LANSA application DLLs

Date: 20 January 2015
Product/Release: Visual LANSA V13 SP2
Abstract: Suggested process for signing LANSA Application DLLs
Submitted By: LANSA Technical Support

Digitally signing LANSA application DLLs (i.e. DLLs for Forms, Reusable Parts, Functions, IO Modules etc) may be required for audit purposes, and can be used for whitelisting by antivirus providers. LANSA provides a feature for digitally signing deployment tool packages, however the digital signing of LANSA objects is not currently possible from within LANSA.

The reason for this is that it may not be appropriate for developers to be signing their DLLs every time they compile an object. The signing of DLLs should only be done as part of the final release process, much like creating a deployment package. As such it could be implemented using some sort of script that the release manager employs. This should be written/designed yourself and depends on the scripting language/signing tool being used

A typical build/release process might be:

  1. Compile all DLLs
  2. Sign all DLLs using a script
  3. Package all DLLs for inclusion in an MSI version

For a patch release, only the required objects would be compiled and signed before packaging up.

As a final note it is important to ensure that the certificate is handled securely, by adding it to the key store on the build machine and password protected so it can only be used on that build machine and cannot be exported.