Share via


MCF Example

The following example shows a basic configuration file.

AUTO-GUID

"C:\\myfolder\\TestSigningKeyPriv.dat"

MODULELIST
    REQ HASH "C:\\Development Programs\\My Program.exe"
    REQ NOHASH "C:\\Windows\\system32\\msdrm.dll"

POLICYLIST
    INCLUSION
        PUBLICKEY "C:\\myfolder\\TestSigningKeyPub.dat"
    EXCLUSION

Example Highlights

For more information about the elements used in a configuration file, see MCF Syntax. Note the following points about the preceding example:

  • TestSigningKeyPriv.dat is the name of the file that contains the private key used to sign the manifest. For more information, see Obtaining a Key Pair for Manifest Signing.
  • TestSigningKeyPub.dat is the name of the file that contains the public key associated with the private key.
  • The application identified by the REQ HASH elements calls the DRMInitEnvironment function to initialize the secure environment. Quotation marks are used because there is a space in the application name. Libraries that call DRMInitEnvironment must be marked optional (OPT).
  • The NOHASH element indicates that the Msdrm.dll library is not hashed. This enables you to incorporate updated versions of Msdrm.dll without creating a new manifest.

Creating a Manifest

Save this file with an .mcf extension and call the Genmanifest.exe command–line program by using the following syntax:

genmanifest [-chain SignedChainPathAndFile] SourceMCFPath DestinationXMLPath

For more information, see Genmanifest.exe. You must generate a new manifest each time you compile your program, and the manifest can contain only one executable file. This file must own the process that is running Active Directory Rights Management.

See Also

MCF Syntax
Obtaining a Key Pair for Manifest Signing
Authenticode Signing a DLL

Send comments about this topic to Microsoft

Build date: 3/13/2008