Digital signing of Smart Components
A Smart Component with code-behind contains executable code. Code-behind assemblies can be distributed either by embedding them in the SmartComponent library file (.rslib) or as part of an add-in in a Distribution Package. It can be either downloaded from the Internet or sent to the user in an attachment. For users to trust the Smart Component, any embedded code-behind assembly must be digitally signed. Digital signing preserves authenticity and integrity of the code. It assures users the authenticity of the code source and also verifies that the code has not been tampered with since it was published.
The code in the Smart Component executes with the privileges of the user running RobotStudio.exe. In many cases a RobotStudio user has administrator rights and hence a malicious code-behind assembly can harm the computer. The Authenticode signing of Smart Components prevents the signature verification warning message from getting displayed whenever a station or a component is loaded.
The most common way to distribute code-behind assemblies is to embed them in the Smart Component library file (.rslib). This gives a Smart Component which is self-contained and has no requirements on other software, other than RobotStudio. As a security measure, RobotStudio displays a warning message when a Smart Component is loaded, if it has:
- an embedded non-signed assembly.
- an assembly which is signed with a non-trusted signature.
Smart Components with code-behind in a trusted location
You can avoid the digital signing of your Smart Component with code-behind if you install it under a trusted location like C:\Program Files (x86)
.
Then RobotStudio will not check for the Authenticode signature as this location is trusted by Windows.
If you develop an add-in that depends on Smart Components for its features, it may be more convenient to distribute the code-behind assemblies as part of your product installer. Here you can update the assembly without updating the Smart Component instances. Moreover, if you have a large number of Smart Components, then it is easier to maintain, develop and test the code-behind when it is not embedded in the components themselves. For instance, the code-behind for the RobotStudio base components like LogicGate is distributed in this method.
A limitation with this approach is that your Smart Component will require your product to be installed to work properly. However, if you install your assemblies under a trusted location, then RobotStudio will not check for the Authenticode signature.
Digital signing of embedded assemblies
Developers of RobotStudio Smart Components with code-behind can digitally sign their embedded assemblies using Microsoft’s Authenticode technology. To learn more about Authenticode signing, visit the following MSDN pages:
- http://msdn.microsoft.com/en-us/library/ms537359(v=vs.85).aspx
- http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx
Note
Digital signing does not guarantee that the code is safe to run, but it is a mechanism that lets a user know that the software publisher is part of the infrastructure of trusted entities.