Digital Signing Requirements
Last updated
Was this helpful?
Last updated
Was this helpful?
Starting with SanteDB iCDR and dCDR version 2.1.80 (Paris) both the dCDR and iCDR require that all .NET assemblies which are registered for service use are digitally signed. There are two ways you can sign your .NET plugins for use in a release version of SanteDB.
The requirement of digital signatures on .NET code ensures that:
The plugin comes from a reputable company which has been validated by a third party source or by the SanteSuite community.
The plugin code has not been tampered with since the publisher compiled and signed the assembly.
Verifies the publisher of the plugin (opposed to a self-assertion by the publisher)
When set to Informational log level you will see log entries indicating successful validation of the plugin:
When code is not digitally signed , any services provided by that assembly will not be loaded and an error log message will appear:
On Microsoft Windows operating systems you can validate digital signatures and publishers of a plugin by right clicking on the plugin in Windows Explorer and using the Digital Signatures tab of the properties window.
By clicking Details you can view the digital signature on the assembly code and validate the issuer and publisher of the digital signature.
You can disable code validation by setting the allowUnsignedAssemblies attribute on the ApplicationServiceContextConfigurationSection as:
You should only use this setting for development and debugging environments (such as when referencing the SanteDB Nuget package). If disabled, the host service will load and execute any assembly code contained in the configuration file.
If you're only developing software for SanteDB and wish only to publish extensions and plugins for SanteDB, you may obtain a publishing certificate from the SanteSuite community. These community certificates are only trusted by SanteDB iCDR and dCDR software packages, which means they are less suited for general purpose software development.
Finally, you can create your own self-signed code signing certificate. This is less ideal as it restricts the portability of your software extension. In order to use self-signed code certificates you will need to:
Generate a private key with extended use of codeSigning (optionally sign it with your own CA's certificate).
Export the private key, certificate, and CA's certificate (forming an X509 chain) to a PKCS12 (.pfx) file.
Import the CA's certificate into the trust store
On Windows this is done by placing the certificate in the Trusted Publishers store on all machines which will use the plugin
If you're compiling a general purpose plugin or SanteDB distribution, or are writing other software which will need to be installed on Microsoft Windows, Linux, etc. it is recommended you use a registered . These certificates typically cost between $200 and $800 per year , however they are recognized by Microsoft Windows and other operating systems and are generally more portable than other options.
In order to obtain a certificate from SanteSuite community you will need to become a .
On Mono (Linux, Docker, MacOS) you should use to manage the certificates.
Once you have an appropriate code signing certificate you can use the or command to sign your assembly. This must be done prior to loading or publishing/distributing the assembly.
