Sign the PE file

To sign the Portable Executable file (EXE, DLL, OCX), you need to use TElAuthenticodeSigner component.

First, create an instance of TElAuthenticodeSigner component. Call OpenFile() method of TElAuthenticodeSigner class to load the PE file.

Next step is to add one or more certificates. This is done by calling AddCertificate() method of TElAuthenticodeSigner class. Note, that in order for Windows to validate the signature you need to provide a complete certificate chain. To do this, call AddCertificate() method multiple times passing the certificates of the chain there. Alternatively, you can pass the end-entity certificate of the certificate chain to AddCertificate() and TElAuthenticodeSigner will pick all certificates from the chain. See the corresponding how-to article for more information about the TElCertificateChain class.

Next thing to do is to add the authenticode using a call to AddAuthenticode() method of TElAuthenticodeSigner class and passing it acSHA1 constant as a parameter.

To add the signature use AddSignature() method of TElAuthenticodeSigner class. When calling AddSignature, you can specify if you need to add the timestamp. See the corresponding how-to article for more information about the timestamping of Authenticode signatures.

Finally call CloseFile() method of TElAuthenticodeSigner class to sign the file and close it.