Aurigma offers private-label versions as a part of our Premium licenses. When your customers install ActiveX/Java Uploader on their computers, they see a security warning displaying the name of the company that owns the software. By default, customers see Aurigma, Inc. If you want to replace Aurigma's name with your company name, you can order a private-label version. In this case Aurigma creates a special custom uploader for you. Your company, in its turn, should then purchase a code singing certificate from one of the certificate authorities (e.g. Thawte or VeriSign) and sign the binaries with it.

The topic below explains the steps required for signing a private-label version. You can just ignore this topic if you don't have a private-label version of ActiveX/Java Uploader on your website.

About CAB Files

To make ActiveX Uploader automatically install in Internet Explorer and Internet Explorer 64-bit, you need to pack the Uploader8.ocx and Uploader8_x64.ocx files into the CAB files. The CAB (cabinet) file is a file format developed by Microsoft as a self-installing archive, in particular, for ActiveX controls. To allow installing a CAB file from Internet Explorer, the control, such as ActiveX Uploader, should be embedded into a Web page. For more details about embedding ActiveX Uploader in a Web page see Using Private-label Version of ActiveX/Java Uploader.

During installation, Internet Explorer downloads the CAB file, extracts the OCX file from it as well as any other files, and registers the control.

Each CAB file should contain an INF file. The INF file contains a description of the archive content. It includes such information as a list of files, which files should be registered, where files should be placed, version information, and so on.

Code Signing

It would be insecure to enable Internet Explorer to download from the Web and install arbitrary ActiveX controls, because malicious people could distribute harmful code. To avoid security problems the browsers usually require controls and other software to be digitally signed using a special code signing certificate which is granted to software vendors by such certificate authorities as VeriSign and Thawte. Certificates ensure that the software being installed was actually developed by the specified vendor.

Though browser settings can be adjusted so that unsigned software can be installed, the default settings and corporate company-wide security policies usually do not allow this.

Walkthrough: Building a CAB File

To build a CAB file, in general, you should follow these steps:

  1. Create an INF file that lists all files you are going to put into the CAB file (except for the INF file itself). This file should have the same file name as the CAB file. That is, if you create an EasyUploadTool.cab, you should name the INF file EasyUploadTool.inf. For more details about INF files, see the About INF File Architecture MSDN article.
  2. Sign all the files that will be registered with your digital certificate (that is, RegisterServer key should be set to Yes for these files). In our case it is the Uploader8.ocx and Uploader8_x64.ocx files that need to be signed. To sign it you can use the signtool.exe utility which is distributed with Microsoft .NET Framework SDK.
  3. Pack files into a CAB file using the cabarc.exe utility which is available as a part of the Windows XP Service Pack 2 Support Tools (to download this file click here). If your OS is different from Windows XP you can extract only the cabarc utility using the following commands:
    WindowsXP-KB838079-SupportTools-ENU.exe /C /T:%TEMP%
    expand %TEMP%\support.cab -F:cabarc.exe <Destination path>
    The list of files that should be included into the first CAB file is as follows:
    • Uploader8.ocx representing the control itself
    • <cabinet name>.inf containing information about the package
    The second CAB file is aimed at Internet Explorer 64-bit and should contain the following files:
    • Uploader8_x64.ocx representing the 64-bit version of the control
    • <cabinet name>.inf containing information about the package
  4. Sign the resulting CAB files with your certificate.

Example: Building Uploader8.ocx

Assume you have recompiled ActiveX Uploader and want to put it into Uploader8.cab.

First, you should create the Uploader8.inf file. You can do it in any text editor, for example in Notepad. Copy the following data into it:

[version]
	signature="$CHICAGO$"
	AdvancedINF=2.0
[Add.Code]
	Uploader8.ocx=Uploader8.ocx
[Deployment] 
	InstallScope=user|machine 
[Uploader8.ocx]
	file-win32-x86=thiscab
	clsid={<CLSID>}
	FileVersion=<Version>
	RegisterServer=yes
	RedirectToHKCU=yes

There are two placeholders in this listing:

  • <CLSID> should be replaced with the CLSID of your private-label ActiveX Uploader. Aurigma supplies this parameter with a private-label version. The other way to find out the CLSID of your copy is using the oleview utility which is distributed along with Visual Studio (do not forget to run oleview.exe as administrator at the first time):
    • Type oleview.exe Uploader8.ocx in the Visual Studio command prompt.
    • In the tree view, select coclass ImageUploader. On the right panel, you will see a piece of IDL code.
    • Copy the value of the uuid() attribute from the right panel; this value is the CLSID.
  • <Version> should be replaced with the version of your ActiveX Uploader copy. Aurigma supplies this parameter with a private-label version too. Also, to find out the version of your copy, you can see the properties of the Uploader8.ocx file:
    • Right-click Uploader8.ocx.
    • Select Properties from the context menu.
    • Click the Version tab.

Copy the File version value. Note, that you should replace dots with commas. For example, you should specify 8,0,48,0 instead of 8.0.48.0.

Note

For the 64-bit version of ActiveX Uploader control you should replace the string containing file-win32-x86=thiscab with the following one: file=thiscab.

Put this INF file in the same folder with the Uploader8.ocx file.

Then, create a batch (.bat) file that will build the CAB file from signed files automatically and sign the result. To do that, create a file named BuildCab.bat in any text editor and copy the following data into it (do not forget to remove the line breaks):

"<Path to .pvk to .pfx converter>\pvk2pfx.exe" -pvk "<Path to certs>\MyKey.pvk" -pi <Password> -spc  
    "<Path to certs>\MyCert.spc" -pfx "<Path to certs>\MyCert.pfx" -f
"<Path to signtool>\signtool.exe" sign -f "<Path to certs>\MyCert.pfx" -p <Password> -d "<Control name>" 
    -t "http://timestamp.verisign.com/scripts/timstamp.dll" "<Path to Image Uploader files>\Uploader8.ocx"
"<Path to cabarc>\cabarc.exe" -m LZX:21 -s 6144 n "<Path to resulting CAB>\Uploader8.cab" 
    "<Path to Image Uploader files>\Uploader8.ocx" "<Path to Image Uploader files>\Uploader8.inf"
"<Path to signtool>\signtool.exe" sign -f "<Path to certs>\MyCert.pfx" -p <Password> -d "<Control name>" 
    -t "http://timestamp.verisign.com/scripts/timstamp.dll" "<Path to resulting CAB>\Uploader8.cab"

There are several placeholders in this listing:

  • <Path to .pvk to .pfx converter> should be replaced with the path to the pvk2pfx utility. Typically, it is located in the /Bin subfolder of the Windows SDK installation folder.
  • <Path to certs> should be replaced with the path to your SPC and PVK certificate files.
  • <Password> should be replaced with the password for your PVK file.
  • <Path to signtool> should be replaced with the path to the signtool utility. Typically, it is located in the /Bin subfolder of the Windows SDK installation folder.
  • <Control name> should be replaced with the name that will be displayed in a browser security dialog.
  • <Path to Image Uploader files> should be replaced with the path to the files that will be placed in the CAB file.
  • <Path to cabarc> shoud be replaced with the path to the cabarc utility.
  • <Path to resulting CAB> should be replaced with the path of the folder where your CAB file will be saved.