OpenType Font Signing Tool ('SIGNCODE')
This tool was developed for use at Microsoft and is not supported externally. Microsoft makes no claims and holds no liability regarding the external use of this tool. This tool is copyrighted. Redistribution is restricted. See the tool's End User License Agreement for details.
Besides the tool provided, to sign a font file you will also need a .spc file and a .pvk file.
You can create a test.spc and test.pvk for testing purposes with the tools provided in the font signing tool, but when you want to sign a font file "for real" you need to obtain these files from a Certification Authority such as Verisign. When contacting a Certification Authority, apply for a 'Class 3 Authenticode digital signature'. Asking for a 'font-signing certificate' is not a good idea, as the certificate you need is not specific to font signing.
The .spc file, containing your public key and other information, resides on your hard drive and can be distributed to others.
The .pvk file contains the private key that corresponds to the public key in the .spc file; anyone who obtains it can sign fonts in your name. Once you have received a .pvk file from a Certification Authority it is recommended that the file NEVER be stored on your hard drive, but be kept on a floppy disk and used as needed.
Signing OpenType font files
Minimum system requirements:
Windows 2000 Beta 3 or higher, or
Windows NT 4 + SP 4, or
Windows 9x + IE 5
Download the tool
Windows NT/2000: Move mssipotf.dll to winnt\system32
Windows 9x: Move mssipotf.dll to \windows\system
Register mssipotf.dll with Windows by typing the following at the command prompt:
To sign a font file, e.g. myfont.ttf, go to the folder where you downloaded the font signing tool and at the command prompt type:
signcode -spc my.spc -v my.pvk -j mssipotf.dll myfont.ttf
The -j mssipotf.dll option is required for successfully signing font files and must therefore be included on the command line. This option tells signcode that mssipotf.dll contains code that will perform a series of checks on the font to determine glyph integrity. This process may take a few seconds or many minutes, depending on how many glyphs are in the font file. If the font does not pass this verification, signing will fail. Signcode has many other command line options; you can learn about them by typing 'signcode -?' at the command prompt. Other recommended options to include on the command line are:
-n "My Font name"
The options above add the font's name and a link to your site, and timestamp the digital signature (so that it can still be verified after your certificate expires).
A successfully signed font file can be verified using chktrust.exe:
Another way to verify a signed file on Windows 2000 and Windows 98 is to 'right-click' the font file and select 'properties'. A 'Digital Signatures' tab will be displayed that provides more detail about the signature, including the timestamp (if it was used in signing).
Note that in Windows 2000 the icon associated with a signed font file is the OpenType logo (an O), rather than the TrueType logo (a TT). However, signed TTCs still have the TT logo.
We recommend that you run your TrueType or OpenType fonts through our 'FastFont' utility prior to signing them. This program reorders a TrueType or OpenType file for faster execution. It does this by placing all of the small, frequently used tables at the beginning of the font file, allowing the font to be loaded with fewer page faults. By rewriting the tables in this way many of the problems listed in the 'Signing criteria' section of this document are fixed. Although the individual font files that make up a TrueType Collection (.TTC) may be run through FastFont, the resulting .TTC file should not.
In general, you should always test sign a font before signing it for real. You'll need to create test versions of your own .cer, .spc and .pvk files by going to the directory where you downloaded the font signing tool and typing the following on the command line:
makecert -n CN=JoeBob -sv test.pvk test.cer
cert2spc test.cer test.spc
setreg 1 TRUE
Makecert will create the .cer and .pvk files, and the associated certificate will be called "JoeBob". A dialog box will ask you to choose a password for the .pvk file, and you will be asked for that password each time the .pvk file is used.
Finally, to test sign a font, at the command prompt type the following:
signcode -spc test.spc -v test.pvk -j mssipotf.dll myfont.ttf
NOTE: In the above example, we have used minimal signcode options, as we are only test signing a font file.
You can also modify the signdemo.bat provided with the font signing tool, according to your font and company, then type:
If you sign a file with a test certificate, the signed file must NOT be distributed for official purposes: the test certificate chains to a test root that is trusted only on machines where 'setreg 1 TRUE' has been run.
Here are some frequently asked questions:
Q I've downloaded the font tool but don't see mssipotf.dll.
A You need to set the folder options to show all files. See the Windows documentation on how to do that.
Q I'm running out of space at the DOS prompt.
A Windows 95 and 98 limit the length of a command line. Depending on which options you use and how long they are (e.g. your font name, your company's URL and the timestamp URL), you may not be able to type in all of your signing options. In that case, edit the "Signdemo.bat" batch file to include your options: right-click on "Signdemo.bat", choose "Edit", modify the options as needed, save the file and type "Signdemo MyFont.ttf" at the DOS prompt.
Q I can't sign the file because the file is read-only.
A Signing modifies the file, so it cannot be read-only. Clear the read-only attribute and try signing again.
Q It takes a long time to sign.
A As the -j option invokes code that does glyph integrity checks, signing may take a long time. Be patient.
Q Will having other copies of MSSIPOTF.DLL on the system cause problems?
A An older version of MSSIPOTF.DLL may be loaded instead if it is found on the search path. Make sure there is only one copy of MSSIPOTF.DLL on the entire system, in the system directory given above ('\winnt\system32' on Windows NT/2000).
Q I get an error during the signing process.
A This is probably because the font does not meet the signing criteria listed in the next section.
Font file criteria
Files other than font files are signed in different ways. To be identified as a font file, and therefore signed and verified through mssipotf.dll, a file must meet certain criteria. The criteria are outlined below.
- The magic number in the head table is correct.
- Given the number of tables value in the offset table, the other values in the offset table are consistent.
- The tags in the table directory, which contains pointers to the beginning of each table, must appear in alphabetical order and have no duplicates.
- The offset of each table is a multiple of 4. (That is, tables are long word aligned.)
- The first actual table in the file comes immediately after the directory of tables.
- If the tables are sorted by offset, then for all tables i (where index 0 means the table with the smallest offset), Offset[i] + Length[i] <= Offset[i+1] and Offset[i] + Length[i] >= Offset[i+1] - 3. In other words, the tables do not overlap, and there are at most 3 bytes of padding between tables.
- The pad bytes between tables are all zeros.
- The offset of the last table in the file plus its length is not greater than the size of the file.
- The checksums of all tables are correct.
- The file checksum in the head table is correct.
Signcode will not sign, and chktrust will not verify, a font file that does not meet all of the above criteria.
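The criteria above are mechanical enough to check before you run signcode, which is useful because signcode only reports that signing failed. The following Python script is an added example and is not code from the font signing tool or from Microsoft's mssipotf.dll: it parses the offset table and table directory of an sfnt file and reports every criterion the file violates, treating head.checkSumAdjustment as zero when summing the 'head' table and the whole file, as the OpenType specification requires. The three-table font it builds (head, maxp and post, no glyphs) is constructed inline purely as test input, and the function and message names are the example's own.

```python
# Added example: independent checker for the font file criteria listed above.
# Not code from the font signing tool or from mssipotf.dll.
import struct

HEAD_MAGIC = 0x5F0F3CF5           # 'head' magicNumber (OpenType spec)
CHECKSUM_ADJUSTMENT = 0xB1B0AFBA  # constant behind head.checkSumAdjustment

def sfnt_checksum(data: bytes) -> int:
    """Sum of big-endian uint32 words, zero-padding the input to a multiple of 4."""
    data += b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(data) // 4}I", data)) & 0xFFFFFFFF

def read_directory(data: bytes) -> list:
    """Table records as (tag, checksum, offset, length) in directory order."""
    n = struct.unpack(">H", data[4:6])[0]
    return [struct.unpack(">4sIII", data[12 + 16 * i:28 + 16 * i]) for i in range(n)]

def check_font(data: bytes) -> list:
    """Return every violated criterion; an empty list means the file passes."""
    problems = []
    if len(data) < 12:
        return ["offset table: file shorter than 12 bytes"]
    _, n, search_range, entry_selector, range_shift = struct.unpack(">IHHHH", data[:12])
    dir_end = 12 + 16 * n
    if n == 0 or len(data) < dir_end:
        return ["offset table: numTables inconsistent with file size"]
    pow2 = 1 << (n.bit_length() - 1)  # largest power of two <= numTables
    if (search_range, entry_selector, range_shift) != (pow2 * 16, pow2.bit_length() - 1, n * 16 - pow2 * 16):
        problems.append("offset table: searchRange/entrySelector/rangeShift inconsistent")
    records = read_directory(data)
    tags = [r[0] for r in records]
    if tags != sorted(tags) or len(set(tags)) != len(tags):
        problems.append("directory: tags not in ascending order or duplicated")
    by_offset = sorted(records, key=lambda r: r[2])
    if by_offset[0][2] != dir_end:
        problems.append("layout: first table does not immediately follow the directory")
    for (tag, _, off, length), nxt in zip(by_offset, by_offset[1:] + [None]):
        name, end = tag.decode("latin-1"), off + length
        if off % 4:
            problems.append(f"alignment: {name} offset {off} is not a multiple of 4")
        if nxt is None:
            if end > len(data):
                problems.append(f"layout: {name} runs past the end of the file")
            continue
        gap = nxt[2] - end  # must be 0..3 bytes, and those bytes must be zero
        if gap < 0 or gap > 3:
            problems.append(f"layout: {name} overlaps or leaves {gap} bytes before the next table")
        elif any(data[end:nxt[2]]):
            problems.append(f"padding: non-zero pad bytes after {name}")
    head = next((r for r in records if r[0] == b"head"), None)
    if head is None or head[2] + 54 > len(data):
        return problems + ["head: table missing or truncated"]
    h = head[2]
    zeroed = bytearray(data)  # checkSumAdjustment counts as zero in every sum
    zeroed[h + 8:h + 12] = b"\0\0\0\0"
    for tag, stored, off, length in records:
        if sfnt_checksum(bytes(zeroed[off:off + length])) != stored:
            problems.append(f"checksum: {tag.decode('latin-1')} table checksum incorrect")
    if struct.unpack(">I", data[h + 12:h + 16])[0] != HEAD_MAGIC:
        problems.append("head: magicNumber incorrect")
    stored_adj = struct.unpack(">I", data[h + 8:h + 12])[0]
    if (CHECKSUM_ADJUSTMENT - sfnt_checksum(bytes(zeroed))) & 0xFFFFFFFF != stored_adj:
        problems.append("head: checkSumAdjustment (file checksum) incorrect")
    return problems

def build_font(tables: dict) -> bytes:
    """Assemble a well-formed sfnt; head.checkSumAdjustment must be 0 on input."""
    tags = sorted(tables)
    n = len(tags)
    pow2 = 1 << (n.bit_length() - 1)
    header = struct.pack(">IHHHH", 0x00010000, n, pow2 * 16, pow2.bit_length() - 1, n * 16 - pow2 * 16)
    directory, body, offset, offsets = b"", b"", 12 + 16 * n, {}
    for tag in tags:
        raw = tables[tag]
        offsets[tag] = offset
        directory += struct.pack(">4sIII", tag, sfnt_checksum(raw), offset, len(raw))
        body += raw + b"\0" * (-len(raw) % 4)  # 4-byte aligned, zero padded
        offset += len(raw) + (-len(raw) % 4)
    font = bytearray(header + directory + body)
    h = offsets[b"head"]
    font[h + 8:h + 12] = struct.pack(">I", (CHECKSUM_ADJUSTMENT - sfnt_checksum(bytes(font))) & 0xFFFFFFFF)
    return bytes(font)

def sample_font() -> bytes:
    """Constructed test input: a glyph-less font with only head, maxp and post."""
    head = struct.pack(">IIIIHHqqhhhhHHhhh", 0x00010000, 0x00010000, 0, HEAD_MAGIC,
                       0, 1000, 0, 0, 0, 0, 0, 0, 0, 8, 2, 0, 0)
    maxp = struct.pack(">IH", 0x00005000, 0)  # 6 bytes, so it is followed by 2 pad bytes
    post = struct.pack(">IihhIIIII", 0x00030000, 0, 0, 0, 0, 0, 0, 0, 0)
    return build_font({b"head": head, b"maxp": maxp, b"post": post})

def corrupted_variants(font: bytes) -> dict:
    """Damaged copies of sample_font(), one per defect class the checker reports."""
    where = {tag: off for tag, _, off, _ in read_directory(font)}
    dirty, swapped, magic = bytearray(font), bytearray(font), bytearray(font)
    dirty[where[b"maxp"] + 6] = 0xFF                            # non-zero pad byte after maxp
    swapped[28:60] = font[44:60] + font[28:44]                  # 2nd and 3rd directory records swapped
    magic[where[b"head"] + 12:where[b"head"] + 16] = b"\0" * 4  # head magicNumber zeroed
    return {"dirty padding": bytes(dirty), "unsorted directory": bytes(swapped), "bad magic": bytes(magic)}
```

Run check_font on the bytes of a real .ttf or .otf; an empty list means the file satisfies every criterion, and the three corrupted copies from corrupted_variants show which message each class of defect produces. Note that swapping two directory records leaves every checksum intact (a uint32 sum does not depend on word order), so the tag-ordering rule is the only thing that catches it; this is why the criteria impose structure beyond the checksums.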
The philosophy behind these rules is that the more structure that is imposed on a font file, the less likely a malicious entity will be able to disguise a bad font file to look like a good one. This will become more important as other kinds of signatures are employed to sign font files.
You can disable font signing and verification by unregistering mssipotf.dll:
regsvr32 /u mssipotf.dll
Optionally, you can then delete mssipotf.dll.