OpenType font signing tool

		All Products \| Support \| Search \| microsoft.com Home

Microsoft Typography | Developer | Digital signatures | OpenType font signing tool

OpenType font signing tool

This tool was developed for use at Microsoft, and is unsupported externally. Microsoft makes no claims and holds no liability regarding the external use of this tool. This tool is copyrighted. Redistribution is restricted. See the tool's End User License Agreement for details.

Besides the tool provided, to sign a font file you will also need a
.spc file and a
.pvk file.

You can create a test.spc and test.pvk for testing purposes with the tools provided in the font signing tool, but when you want to sign a font file "for real" you need to obtain these files from Certification Authority such as Verisign. When contacting a Certification Authority apply for a 'Class 3 Authenticode digital signature'. Asking for a 'font-signing certificate' is not a good idea, as the certificate you need is not specific to font signing.
The .spc file containing your public key and other information, resides on your hard drive, and it can be distributed to others.
The .pvk file contains a private key that corresponds to the public key in the .spc file. Once you have received a .pvk file from Certification Authority it is recommended that the file should NEVER be stored on your hard drive and should always be stored on a floppy disk and be used as needed.

Signing OpenType font files
Minimum system requirements:
Window 2000: Beta 3 or higher, or
Windows NT 4 + SP 4, or
Windows 9x + IE 5

Download the tool

download - Select one of the locations listed below and download disg.exe to your computer in a folder such as C:\FontSign
location - http://download.microsoft.com/
file details - dsig.exe - 192KB self extracting file
Windows 2000 and Windows NT users - You must have administrator privileges to use this tool.

Step 1
Windows NT/2000: Move mssipotf.dll to winnt\system32
Windows 9x: Move mssipotf.dll to \windows\system

Step 2
Register the mssipotf.dll with Windows, by typing the following at the command prompt,
regsvr32 mssipotf.dll

Step 3
To sign a font file eg. myfont.TTF, go to the folder where you downloaded the font signing tool, and at the command prompt type,
signcode -spc my.spc -v my.pvk -j mssipotf.dll myfont.ttf

The -j mssipotf.dll option is reqired for successfully signing font files and therefore, must be included in the command prompt. This option tells signcode that mssipotf.dll contains code that will perform a series of checks on the font to determine glyph integrity. This process may take a few seconds or many minutes, depending on how many glyphs are in the font file. If the font does not pass this verification test, signing will fail. Signcode has many other command line options and you can learn about them by typing Signcode -? at the command prompt. Other recommended options to include in the command line are,
-n "My Font name" -i http://www.mycompany.com -t http://timestamp.verisign.com/scripts/timstamp.dll

The three options above will add font's name, link it your site and add a time stamp to the digital signatures certificate.

Step 4
A successfully signed font file can be verified using chktrust.exe:
chktrust myfont.otf

Another way to verify a signed file on Windows 2000 and Windows 98 is to 'right-click' the font file and select 'properties'. A 'Digital Signatures' tab will be displayed that provides more detail about the signature, including the timestamp (if it was used in signing).
Note that in Windows 2000 the icon associated with a signed font file is the OpenType logo (an O), rather than the TrueType logo (a TT). However, signed TTCs still have the TT logo.

Recommendations
We recommend that you run your TrueType or OpenType fonts through our 'FastFont' utility prior to signing them. This program reorders a TrueType or OpenType file for faster execution. It does this by placing all of the small, frequently used tables at the beginning of the font file, allowing the font to be loaded with fewer page faults. By rewriting the tables in this way many of the problems listed in the 'Signing criteria' section of this document are fixed. Although the individual font files that make up a TrueType Collection (.TTC) may be run through FastFont the resulting .TTC file should not.
In general you should always test sign a font before signing it for real. You'll need to create a dummy version of your own .cer and .pvk files by going to the directory where you downloaded the font signing tool and type the following on the command line
makecert -n CN=JoeBob -sv test.pvk test.cer cert2spc test.cer test.spc setreg 1 TRUE

Makecert will create .cer and .pvk files, and the associated certificate will be called "JoeBob". A dialog box will ask you to provide a password for the .pvk file and then ask to confirm the password each time the .pvk file is used.
Finally, to test sign a font, at the command prompt type the following
signcode -spc test.spc -v test.pvk -j mssipotf.dll myfont.ttf

Note: In the above example we have used minimal signcode options as we are only test signing a font file.
You can also modify the signdemo.bat provided with the font signing tool according to your font and company then type
Signdemo MyFont.ttf

If you sign a file with a test certificate, the signed file should NOT be distributed for official purposes.

Troubleshooting
Here are some frequently asked questions:
Q I've downloaded the font tool but don't see the misipotf.dll.
AYou need to set the folder setting to view all files. See Windows documentations on how to do that.
Q I'm running out of space at the DOS prompt?
A Windows 95 and 98 have by default a limit on how many characters can be typed in at the command prompt. Therefore, depending on what options you use and the length of some options (i.e. your font name, company's URL and timestamp URL) you may not be able to type in all the options you want to use to sign your fonts. In this case, you can edit the "Signdemo.bat" batch file to include all the options you want to use. To open the file, right-click on "Signdemo.bat" and choose the "Edit" option, then modify the options as needed. Close the file and type "Signdemo MyFont.ttf" at the DOS prompt.
Q I Can't sign the file because the file was read-only.
A Signing alters the file, so it can't be read-only. Change the file attributes and try signing again.
Q It takes a long time to sign.
A As the -j option invokes code that does glyph integrity checks, signing may take a long time. Be patient.
Q Will having other copies of mssipotf.dll on the system cause problems?
A Older versions of mssipotf.dll may be invoked if they are in the execution path. It is best to make sure there is only one mssipotf.dll in the entire system (in the \winnt\system32 directory).
Q I get an error during the signing process
A This will probably be due to the font not meeting the signing criteria listed below.

Font file criteria
As files other than font files are signed in different ways. To identify a file as a font file, the file must meet certain criteria. The criteria are outlined below.

The magic number in the head table is correct.
Given the number of tables value in the offset table, the other values in the offset table are consistent.
The tags in the table directory, which contains pointers to the beginning of each table, must appear in alphabetical order and have no duplicates.
The offset of each table is a multiple of 4. (That is, tables are long word aligned.)
The first actual table in the file comes immediately after the directory of tables.
If the tables are sorted by offset, then for all tables i (where index 0 means the table with the smallest offset),
Offset[i] + Length[i] <= Offset[i+1] and Offset[i] + Length[i] >= Offset[i+1] - 3.

In other words, the tables do not overlap, and there are at most 3 bytes of padding between tables.
The pad bytes between tables are all zeros.
The offset of the last table in the file plus its length is not greater than the size of the file.
The checksums of all tables are correct.
The file checksum in the head table is correct.

Signcode will not sign and chktrust will not verify if the font file does not meet all of the above criteria.
The philosophy behind these rules is that the more structure that is imposed on a font file, the less likely a malicious entity will be able to disguise a bad font file to look like a good one. This will become more important as other kinds of signatures are employed to sign font files.

Uninstalling
You can disable font signing and verification by unregistering mssipotf.dll:
regsvr32 /u mssipotf.dll

Optionally, you can then delete mssipotf.dll.

this page was last updated 30 January 2003
© 2003 Microsoft Corporation. All rights reserved. Terms of use.
comments to the MST group: how to contact us

Microsoft Typography | Developer | Digital signatures | OpenType font signing tool



	Microsoft Typography \| Developer \| Digital signatures \| OpenType font signing tool

		OpenType font signing tool This tool was developed for use at Microsoft, and is unsupported externally. Microsoft makes no claims and holds no liability regarding the external use of this tool. This tool is copyrighted. Redistribution is restricted. See the tool's End User License Agreement for details. Besides the tool provided, to sign a font file you will also need a .spc file and a .pvk file. You can create a test.spc and test.pvk for testing purposes with the tools provided in the font signing tool, but when you want to sign a font file "for real" you need to obtain these files from Certification Authority such as Verisign. When contacting a Certification Authority apply for a 'Class 3 Authenticode digital signature'. Asking for a 'font-signing certificate' is not a good idea, as the certificate you need is not specific to font signing. The .spc file containing your public key and other information, resides on your hard drive, and it can be distributed to others. The .pvk file contains a private key that corresponds to the public key in the .spc file. Once you have received a .pvk file from Certification Authority it is recommended that the file should NEVER be stored on your hard drive and should always be stored on a floppy disk and be used as needed. Signing OpenType font files Minimum system requirements: Window 2000: Beta 3 or higher, or Windows NT 4 + SP 4, or Windows 9x + IE 5 Download the tool download - Select one of the locations listed below and download disg.exe to your computer in a folder such as C:\FontSign location - http://download.microsoft.com/ file details - dsig.exe - 192KB self extracting file Windows 2000 and Windows NT users - You must have administrator privileges to use this tool. Step 1 Windows NT/2000: Move mssipotf.dll to winnt\system32 Windows 9x: Move mssipotf.dll to \windows\system Step 2 Register the mssipotf.dll with Windows, by typing the following at the command prompt, regsvr32 mssipotf.dll Step 3 To sign a font file eg. myfont.TTF, go to the folder where you downloaded the font signing tool, and at the command prompt type, signcode -spc my.spc -v my.pvk -j mssipotf.dll myfont.ttf The -j mssipotf.dll option is reqired for successfully signing font files and therefore, must be included in the command prompt. This option tells signcode that mssipotf.dll contains code that will perform a series of checks on the font to determine glyph integrity. This process may take a few seconds or many minutes, depending on how many glyphs are in the font file. If the font does not pass this verification test, signing will fail. Signcode has many other command line options and you can learn about them by typing Signcode -? at the command prompt. Other recommended options to include in the command line are, -n "My Font name" -i http://www.mycompany.com -t http://timestamp.verisign.com/scripts/timstamp.dll The three options above will add font's name, link it your site and add a time stamp to the digital signatures certificate. Step 4 A successfully signed font file can be verified using chktrust.exe: chktrust myfont.otf Another way to verify a signed file on Windows 2000 and Windows 98 is to 'right-click' the font file and select 'properties'. A 'Digital Signatures' tab will be displayed that provides more detail about the signature, including the timestamp (if it was used in signing). Note that in Windows 2000 the icon associated with a signed font file is the OpenType logo (an O), rather than the TrueType logo (a TT). However, signed TTCs still have the TT logo. Recommendations We recommend that you run your TrueType or OpenType fonts through our 'FastFont' utility prior to signing them. This program reorders a TrueType or OpenType file for faster execution. It does this by placing all of the small, frequently used tables at the beginning of the font file, allowing the font to be loaded with fewer page faults. By rewriting the tables in this way many of the problems listed in the 'Signing criteria' section of this document are fixed. Although the individual font files that make up a TrueType Collection (.TTC) may be run through FastFont the resulting .TTC file should not. In general you should always test sign a font before signing it for real. You'll need to create a dummy version of your own .cer and .pvk files by going to the directory where you downloaded the font signing tool and type the following on the command line makecert -n CN=JoeBob -sv test.pvk test.cer cert2spc test.cer test.spc setreg 1 TRUE Makecert will create .cer and .pvk files, and the associated certificate will be called "JoeBob". A dialog box will ask you to provide a password for the .pvk file and then ask to confirm the password each time the .pvk file is used. Finally, to test sign a font, at the command prompt type the following signcode -spc test.spc -v test.pvk -j mssipotf.dll myfont.ttf Note: In the above example we have used minimal signcode options as we are only test signing a font file. You can also modify the signdemo.bat provided with the font signing tool according to your font and company then type Signdemo MyFont.ttf If you sign a file with a test certificate, the signed file should NOT be distributed for official purposes. Troubleshooting Here are some frequently asked questions: Q I've downloaded the font tool but don't see the misipotf.dll. AYou need to set the folder setting to view all files. See Windows documentations on how to do that. Q I'm running out of space at the DOS prompt? A Windows 95 and 98 have by default a limit on how many characters can be typed in at the command prompt. Therefore, depending on what options you use and the length of some options (i.e. your font name, company's URL and timestamp URL) you may not be able to type in all the options you want to use to sign your fonts. In this case, you can edit the "Signdemo.bat" batch file to include all the options you want to use. To open the file, right-click on "Signdemo.bat" and choose the "Edit" option, then modify the options as needed. Close the file and type "Signdemo MyFont.ttf" at the DOS prompt. Q I Can't sign the file because the file was read-only. A Signing alters the file, so it can't be read-only. Change the file attributes and try signing again. Q It takes a long time to sign. A As the -j option invokes code that does glyph integrity checks, signing may take a long time. Be patient. Q Will having other copies of mssipotf.dll on the system cause problems? A Older versions of mssipotf.dll may be invoked if they are in the execution path. It is best to make sure there is only one mssipotf.dll in the entire system (in the \winnt\system32 directory). Q I get an error during the signing process A This will probably be due to the font not meeting the signing criteria listed below. Font file criteria As files other than font files are signed in different ways. To identify a file as a font file, the file must meet certain criteria. The criteria are outlined below. The magic number in the head table is correct. Given the number of tables value in the offset table, the other values in the offset table are consistent. The tags in the table directory, which contains pointers to the beginning of each table, must appear in alphabetical order and have no duplicates. The offset of each table is a multiple of 4. (That is, tables are long word aligned.) The first actual table in the file comes immediately after the directory of tables. If the tables are sorted by offset, then for all tables i (where index 0 means the table with the smallest offset), Offset[i] + Length[i] <= Offset[i+1] and Offset[i] + Length[i] >= Offset[i+1] - 3. In other words, the tables do not overlap, and there are at most 3 bytes of padding between tables. The pad bytes between tables are all zeros. The offset of the last table in the file plus its length is not greater than the size of the file. The checksums of all tables are correct. The file checksum in the head table is correct. Signcode will not sign and chktrust will not verify if the font file does not meet all of the above criteria. The philosophy behind these rules is that the more structure that is imposed on a font file, the less likely a malicious entity will be able to disguise a bad font file to look like a good one. This will become more important as other kinds of signatures are employed to sign font files. Uninstalling You can disable font signing and verification by unregistering mssipotf.dll: regsvr32 /u mssipotf.dll Optionally, you can then delete mssipotf.dll. this page was last updated 30 January 2003 © 2003 Microsoft Corporation. All rights reserved. Terms of use. comments to the MST group: how to contact us


	Microsoft Typography \| Developer \| Digital signatures \| OpenType font signing tool