1.
Make a Win32 or MFC DLL with Visual C++. Assume it is named “myfile.dll”.
2.
Get a pair of certificate and private key (e.g. “testcert.cer” and “testcert.pvk”). As a requirement for WinSxS, the certificate key must be at least 2048 bits. As a result, we cannot use “makecert” to make it. We can request one from our Certificate Authority. Please choose the proper provider, so that we can specify 2048 bits as the “Key Size”.
Store the .cer, .pvk and the .dll file in the same folder.
3.
Open a Visual Studio 2005 Command Prompt, so that we can use the SDK utilities directly. Issue the following command to get the publicKeyToken from the .cer certificate:
pktextract testCert.cer
We will get the publicKeyToken in the output (“bb28decf5785d648”):
Microsoft (R) Side-By-Side Public Key Token Extractor 1.1.3.0
Copyright (C) Microsoft Corporation 2000-2002. All Rights Reserved
Certificate: "CATry-Catch" - 2048 bits long
publicKeyToken="bb28decf5785d648"
Pktextract.exe
4.
Use Notepad to create a manifest file (e.g. “myfile.manifest”), with the following content:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="Microsoft.Windows.MySampleAssembly"
version="1.0.0.0"
processorArchitecture="x86"
publicKeyToken="bb28decf5785d648"/>
<file name="myfile.dll" hashalg="SHA1/>
</assembly>
Note that we need to put the public key token extracted from the previous step into the manifest. The following is the reference to assembly manifest files:
Assembly Manifests
5.
Issue the following command:
mt.exe -manifest myfile.manifest -hashupdate -makecdfs
After this, the content of the manifest file (“myfile.manifest”) will contain the hash for the DLL (“myfile.dll”). The -makecdfs option generates a file named “myfile.manifest.cdf” that describes the contents of the security catalog that will be used to validate the manifest.
Mt.exe
6.
Issue the following command further to build a verification catalog:
makecat myfile.manifest.cdf
MakeCat
7.
Use the “pvkimprt” utility to generate a “.pfx” file with the “.pvk” and “.cer” file:
pvkimprt -pfx testcert.cer testCert.pvk
The utility can be downloaded from the following site:
Assume we named the PFX format file as “testcert.pfx”.
8.
Use the SignTool to sign the catalog with the certificate:
signtool sign /f testcert.pfx /p PasswordForPrivateKey /du http://www.mycompany.com/MySampleAssembly /t http://timestamp.verisign.com/scripts/timstamp.dll myfile.cat
Please replace “PasswordForPrivateKey” with the actual password.
SignTool
At this stage we have the 3 files required for deploying the shared Side-by-Side assembly:
myfile.dll
myfile.cat
myfile.manifest
Then we can go to the Windows Installer part.
1.
Use Visual Studio .Net to create a Setup project. Add the 3 files above into the project and build the project.
2.
Use Orca to open the built MSI file for further editing.
How to use the Orca database editor to edit Windows Installer files
3.
In the “File” table, we should see 3 rows, each’s “FileName” column points to one of the 3 files (e.g. “myfile.dll”, “myfile.cat” and “myfile.manifest”). We edit the rows for “myfile.cat” and “myfile.manifest”, by replacing their “Component_” column with the value from the “Component_” column of the “myfile.dll” row. This effectively assign the 3 files into the same component originally used by “myfile.dll”. Please take a note of the 2 component names (e.g. the original values from the “Component_” column of “myfile.manifest” and “myfile.cat” rows) being replaced.
4.
Go to the “Component” table. We should see 3 rows here. Let’s delete the 2 rows whose “Component” columns have the same values we replaced in step 3 (e.g. the original component names for “myfile.manifest” and “myfile.cat”).
5.
Go to the “FeatureComponent” table, repeat step 4 and delete the unnecessary component rows for “myfile.manifest” and “myfile.cat” also.
6.
Go to the “MsiAssembly” table, add a new row:
Component_: <the value taken from the “File” table, “Component” column for “myfile.dll”, “myfile.manifest” or “myfile.cat” (these 3 “Component” columns should contain the same value after step 3)>
Feature_: DefaultFeature(This is the only feature name in Visual Studio 2005/2003 Setup Project. It can also be found from the “Feature” table or “FeatureComponent” table.)
File_Manifest: <the value taken from the “File” table, “File” column for the file “myfile.manifest>
File_Application: <Leave this empty>
Attribute: 1
7.
Go to the “MsiAssemblyName” table, add 5 rows, whose “Component_” columns are all the value taken from the “File” table, “Component” column for “myfile.dll”.
The “Name” columns and “Value” columns of the 5 rows are taken from the content of the manifest file:
Name Value
type win32
name Microsoft.Windows.MySampleAssembly
version 1.0.0.0
processorArchitecture x86
publicKeyToken bb28decf5785d648
8.
Save the MSI file and exit Orca. (Do not use “Save As” command.
The resultant MSI file should be able to install our “myfile.dll” as Side-by-Side shared assembly into the WinSxS folder.
Here are some addition references related to the subject:
Assembly Signing Example
Installing Win32 Assemblies for Side-by-Side Sharing on Windows XP