Introduction

This article outlines the precise steps for digitally signing an OV code using a dongle.

Instructions

1. Connect Dongle to Laptop USB Drive:

• You will need a SafeNet USB Token connected to a machine where InstallAnywhere software is present and install the SafeNet drivers that comes with the vendor.
• EV vendor drivers will automatically place the certificate alias in the store without the associated private key. The actual signing process exclusively occurs from the dongle.

2. Navigate to InstallAnywhere:

• Open InstallAnywhere and go to Project -> Platforms -> Windows -> Digital Signing -> click (...) on certificate information.

3. Certificate Selection:

• A certificate selection form will appear.
• Choose the option "Use a certificate store."
• Specify Certificate store name as: Personal.
• Specify Certificate store location as: User.
• Select the Certificate subject from the list of certificate that will be populated.

4. Configure Signature Digest:

• Choose Signature digest as 'Based on certificate hash.'
• Click OK.

5. Timestamp Server Details:

• Fill in the required details for the Timestamp Server.
• Enter the password.

6. Build InstallAnywhere Project:

• Build the InstallAnywhere project.
• During the build, a prompt will request the Token password. Enter the password.

Notes

1. User Authentication During Signing Process:

• Users will be prompted for the token password during the signing process when the certificate is accessed from the dongle.
• Note that the password prompt originates from the SafeNet or other EV vendor driver, not InstallAnywhere.
• The token password is mandatory to access the private key from the dongle, with all sensitive information ( including the token password ) is safeguarded by the administrator password.

2. Administrator Privileges:

• Regardless of the user logged in, be it the administrator or another user, access is granted upon providing the correct password in the prompt generated by the vendor.

3. Successful Build Completion:

• Following these steps, the build is completed successfully.

4.There is also an option called 'Enable single logon' setting that comes with EV client software tool (eg. SafeNet Authentication Client) which helps to limit user interventions per session with only one token password request. 

5. These steps apply universally to various types of OV code signing certificates.

6. This feature is supported in all versions of InstallAnywhere that facilitate digital signing.

How to Enable Single Sign - On:

1. Single Sign-On Option:

• To enable single sign-on, click on the settings symbol in the top right corner of the SafeNet tool.
• Navigate to Client Settings and enable single logon with the accompanying option.

2. Step to bypass the need for entering the password with each build:

• Unless the dongle is disconnected or a certain time interval is exceeded, it will not prompt for a password.