1E SDK

Prefixes, code signing certificates and licensing

If you want to develop your own custom Tachyon instructions, or modify others, then you will need to sign them using your own code signing certificate so that they can be licensed, imported and run in your Tachyon system. You don't need to do this for instructions that are provided with the product or that have been downloaded from the Tachyon Exchange as they've already been code signed and licensed using the Platform and Exchange certificates from 1E.

Ideally, all of your Tachyon instruction developers should share a single code signing certificate. Each code signing certificate must be registered in your Tachyon license and associated with a particular instruction name prefix, so the simplest arrangement is one prefix paired with one signing certificate that is used for all your custom instructions. When you have chosen your prefix and have your code signing certificate(s), send the details to 1E, who will update your Tachyon license. The updated license will then activate automatically on your Tachyon Server (assuming it has a connection to the Internet).

The following points apply to the importing and running of custom Tachyon instructions:

  • Tachyon will only allow instructions to be imported if they have been signed and the public key of the code-signing certificate exists in the Tachyon Server's Trusted Publishers certificate store.

  • Tachyon will only allow instructions to be run if their prefix and the thumbprint of their code-signing certificate have been registered in the Tachyon Server's license file (even if instructions have been successfully imported they will be flagged as unlicensed if the license information is not there).

Registering a prefix and code signing certificate and updating the Tachyon license

The following steps may seem complex at first, but the process has been designed to verify that your code signing certificate can be used to sign instructions before you ask for it to be registered and added to the Tachyon license. Registration may take several days to complete, so you don't want to wait for it only to find that you want to use a different prefix or that the signing certificate cannot be used. The general outline of the process is as follows:

  • Decide what prefix you will use

  • Obtain a code signing certificate, and export as a PFX for use on other computers

  • Install the certificate on the Tachyon Server

    • Local user Personal store - for use by TIMS (optionally add to the Local computer store if multiple user accounts will use TIMS on the Server)

    • Local computer Trusted Publishers store - for use by the Server

  • Install TIMS and confirm it can see the code signing certificate

  • Create a test instruction, sign and import it

  • Before you can run the test instruction, you need to register your prefix and certificate thumbprint with 1E

  • Once registration is complete you can run the test instruction

  • Finally you should delete the test instruction to avoid any confusion
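
Before sending the thumbprint to 1E, the two store placements in the outline can be checked with a short read-only PowerShell script. This is an added example, not part of the 1E documentation or tooling; it uses only the standard Windows certificate provider, and the function name and report fields are hypothetical.

```powershell
# Added example: read-only check of the two certificate stores named in the outline.
# Run on the Tachyon Server as the account that will use TIMS.
$PersonalStore  = 'Cert:\CurrentUser\My'                 # Local user Personal store (TIMS)
$PublisherStore = 'Cert:\LocalMachine\TrustedPublisher'  # Local computer Trusted Publishers (Server)

function Get-SigningCertReadiness {
    param([string]$Personal = $PersonalStore, [string]$Publishers = $PublisherStore)

    $now = Get-Date
    $publisherCerts = @(Get-ChildItem -Path $Publishers)
    # -CodeSigningCert returns only certificates whose usage allows code signing.
    foreach ($cert in @(Get-ChildItem -Path $Personal -CodeSigningCert)) {
        $copy = $publisherCerts | Where-Object Thumbprint -eq $cert.Thumbprint | Select-Object -First 1
        [pscustomobject]@{
            Subject             = $cert.Subject
            Thumbprint          = $cert.Thumbprint      # value to register with the prefix
            NotAfter            = $cert.NotAfter
            HasPrivateKey       = $cert.HasPrivateKey   # needed to sign
            InValidityPeriod    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
            InTrustedPublishers = [bool]$copy           # needed for import
            # The Server's store only needs the public certificate; a private key there
            # suggests the PFX was imported instead of the public certificate alone.
            PublisherHasPrivKey = [bool]($copy -and $copy.HasPrivateKey)
        }
    }
}

$report = @(Get-SigningCertReadiness)
if ($report.Count -eq 0) {
    Write-Warning "No code signing certificate found in $PersonalStore"
}
foreach ($r in $report) {
    $problems = @()
    if (-not $r.HasPrivateKey)       { $problems += 'no private key in Personal store' }
    if (-not $r.InValidityPeriod)    { $problems += 'outside validity period' }
    if (-not $r.InTrustedPublishers) { $problems += 'not in Trusted Publishers' }
    if ($r.PublisherHasPrivKey)      { $problems += 'private key present in Trusted Publishers' }
    $status = if ($problems.Count) { 'FIX: ' + ($problems -join '; ') } else { 'OK' }
    '{0}  {1}  {2}' -f $r.Thumbprint, $status, $r.Subject
}
```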

Prerequisites

Before you start you will need the following:

  • Tachyon Server is already installed and licensed in the lab, has been verified and is connected to the Internet

  • TIMS installer MSI

Assumptions

There are many ways to define the code signing certificate and configure your Tachyon environment. Here we make some basic assumptions about the type of certificate and Tachyon environment to show the end-to-end process simply. If you want more details on other certification options please refer to the online Tachyon SDK documentation.

These steps are recommended for a lab environment with the following:

  • A Microsoft CA has been installed

  • A code signing template must be issued on the issuing CA. The default Code Signing template is sufficient

  • All users will sign Tachyon Instructions on the Tachyon Server

  • TIMS must be started as local administrator, so all users developing Tachyon Instructions must be AD domain user accounts that are also members of the Administrators local group on the Tachyon Server. This is one of the requirements for the Tachyon Server installation account anyway.