Protecting and Signing Compiled Libraries

You can protect libraries by means of source code protection, signing, and a license (dongle or soft container).

Source code protection

When a library is prepared in "compiled-library" format, the source code of the library POUs is no longer visible after the library is integrated into a project.

Signing

Note

In CODESYS V3 SP20 and higher, library projects *.compiled-library-v3 and *.compiled-library can be saved both with and without a certificate signature.

In CODESYS V3 SP15 and higher, a certificate is always used for the signing of library projects (*.compiled-library-v3). The signing can be enforced by means of a setting in the security screen. In that case, to generate a compiled library, you need a certificate suitable for code signing in your user profile.

Tip

With compiler version 3.5.15.0 and higher, a better memory format is used.

For library projects that must be compatible with CODESYS versions < 3.5.15.0 (*.compiled-library), only the less secure signing with a private key and an associated token is possible. These deprecated methods should only be used for reasons of compatibility. Settings are configured on the Signing tab of the Project Information dialog.

Procedure. Signing a library with a certificate

Requirement: You have a valid certificate for signing on your computer. For more information about certificate handling, see: Certificates for CODESYS and PLC

  1. Create a library project.

  2. Open the Users tab of the Security Screen view.

    Use the certificate store button to open the dialog for certificate selection.

    From the Available certificates... area, select a certificate for the digital signature and use the up arrow button to move it to the upper window.

    After confirming the selection, the certificate is displayed in the table under Digital Signature.

  3. In the Security Level section, select the Enforce signing of compiled libraries option.

  4. Click the File → Save Project as Compiled Library command to save the library project.

    The library is automatically signed. If the signature check does not confirm the integrity, for example because the library has been manipulated, then the library cannot be used.

In CODESYS V3 SP15 and higher, library signing is always based on certificates. To perform this kind of signing, see the help page: Command: Save Project as Compiled Library. In contrast to the deprecated signing configured on the Signing tab of the Project Information dialog, the entire library is signed with the certificate.

Tip

When using the command-line interface, you can use the option --signaturethumbprint to sign a compiled library.
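Before signing, it helps to confirm that a usable code signing certificate exists and to read off its thumbprint. The following PowerShell script is an added example, not part of the CODESYS documentation. It assumes that the certificate is stored in the current user's personal store (Cert:\CurrentUser\My) and that --signaturethumbprint expects the thumbprint of that certificate; the full command-line syntax is not shown on this page.

```powershell
# Added example: list certificates in the current user's personal store that
# qualify for code signing, together with their thumbprints.
# Assumption: the signing certificate lives in Cert:\CurrentUser\My.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$now = Get-Date

$candidates = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $cert = $_
    # The private key must be present, otherwise nothing can be signed.
    if (-not $cert.HasPrivateKey) { return $false }
    # Skip certificates that are not yet valid or have already expired.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { return $false }
    # Require the code signing purpose in the Enhanced Key Usage extension.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $false }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid })
}

if (-not $candidates) {
    Write-Warning 'No valid code signing certificate with a private key found in Cert:\CurrentUser\My.'
} else {
    # ChainOk is the result of the basic chain validation done by X509Certificate2.Verify().
    $candidates |
        Sort-Object NotAfter -Descending |
        Select-Object Thumbprint, Subject, NotAfter, @{ n = 'ChainOk'; e = { $_.Verify() } } |
        Format-Table -AutoSize
}
```

A certificate that is listed with ChainOk set to False is present and unexpired, but its chain does not validate on this computer, so check the issuer certificates before relying on it for signing.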

Licensing

You can protect libraries by means of a license (dongle or soft container). License-protected libraries can be installed in the library repository. However, for use in the project, the valid license has to exist on the computer. Licenses are managed in the License Manager.