Creating the Application Manifest

All Active Directory Rights Management Services (AD RMS) consuming applications that require a lockbox, and many publishing applications, require a manifest. A manifest is a signed XrML file that includes the Pre-production or Production certificate and identifies the application executable, all modules that the application must use, all modules that must not be used, and any optional modules. A manifest increases security by helping to prevent viruses from running in the same process space as the AD RMS application and by preventing an attacker from surreptitiously replacing libraries.
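
The module lists described above can be pictured with a simplified model. This is an added example, not code from the SDK: `ModulePolicy`, `check_modules`, the SHA-256 pinning, the rejection of unlisted modules, and the sample module names are all assumptions made for illustration, while the real manifest is a signed XrML file created with Genmanifest.exe.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class ModulePolicy:
    """Hypothetical model of a manifest's module lists (not the XrML format)."""
    required: dict   # lowercase module name -> pinned SHA-256 of the trusted image
    optional: dict   # lowercase module name -> pinned SHA-256, may be absent at run time
    excluded: set    # lowercase module names that must never be loaded


def check_modules(policy: ModulePolicy, loaded: dict) -> list:
    """Compare loaded modules (name -> image bytes) with the policy.

    Returns a sorted list of violations; an empty list means the process
    matches the policy.
    """
    loaded = {name.lower(): image for name, image in loaded.items()}
    problems = [f"missing required module: {name}"
                for name in policy.required if name not in loaded]
    for name, image in loaded.items():
        if name in policy.excluded:
            problems.append(f"excluded module loaded: {name}")
            continue
        pinned = policy.required.get(name) or policy.optional.get(name)
        if pinned is None:
            # Assumption of this sketch: anything not listed is rejected.
            problems.append(f"unlisted module loaded: {name}")
        elif sha256_hex(image) != pinned:
            problems.append(f"hash mismatch, possible replaced library: {name}")
    return sorted(problems)


# Constructed sample images standing in for files on disk.
TRUSTED = {"app.exe": b"app v1", "crypto.dll": b"crypto v1", "spell.dll": b"spell v1"}
POLICY = ModulePolicy(
    required={n: sha256_hex(TRUSTED[n]) for n in ("app.exe", "crypto.dll")},
    optional={"spell.dll": sha256_hex(TRUSTED["spell.dll"])},
    excluded={"debughook.dll"},
)

if __name__ == "__main__":
    swapped = dict(TRUSTED, **{"crypto.dll": b"crypto v1 modified"})
    print(check_modules(POLICY, swapped))
```
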

To create a manifest, you must have a manifest configuration file (MCF), a private key, and a Pre-production or Production certificate that contains the public key associated with your private key. The configuration file has an .mcf extension and contains the following information:

  • The path of the file that contains the private signing key.
  • The application path.
  • The manifest validity period.
  • The manifest ID number.
  • The name, ID, address, and type of the manifest issuer.
  • The list of modules that can be loaded without threatening environment security.
  • The list of modules that must not be loaded.

Pass the certificate and the MCF file path to the Genmanifest.exe command-line program included with this SDK to create a signed manifest. For more information about manifest creation, see the following topics.

| Topic | Description |
|---|---|
| MCF Syntax | Describes the elements that can be used to create a manifest configuration file. |
| MCF Example | Discusses a basic configuration file example. |
| Genmanifest.exe | Discusses Genmanifest.exe, a command-line program used to create a manifest. |
| Environment Verification | Identifies the functions that create and require a secure environment. |
| Obtaining a Key Pair for Manifest Signing | Discusses how to obtain a public key pair that can be used to sign the manifest and a Pre-production or Production certificate that signs the public key. |
| Authenticode Signing a DLL | Discusses how to add Microsoft Authenticode-signed modules to a manifest. |

See Also

Methods Used by All Client Applications

Build date: 3/13/2008