NX Open Programmer's Guide > License Checking > Signing Process
Signing Process
Signing verifies that a distributed application was built using a valid NX Open Author license. Two general steps:
- A resource file is added to the source, compiled and linked with the executable (not required for Java).
- The signing utility is run to add an encrypted string to the executable.
When run without an NX Open Author license, NX checks for this encrypted string at load time; if no NX Open Author license or signature is found, NX will not load the executable (a batch file's Common API fails to initialize). Outside of NX, an unsigned application may call into a signed one (e.g. an unsigned jar calling a signed jar) — but inside NX, the entry point itself must be signed.
When the check happens, per language
| Language | Check type | Run inside NX | Run outside NX |
|---|---|---|---|
| .NET | Signature check | When the first session object is obtained | When the first session object is obtained |
| C++ | License check | When the shared object is loaded by NX | When the first session object is obtained |
| Java | License check | When the class or jar file is loaded by NX | When the first session object is obtained |
Signing utility
- Adds an encrypted string to the executable; requires an available NX Open Author license to run.
- Supports a
-validateoption that reports whether the file is correctly signed. - Idempotent — running it multiple times on the same executable is harmless.
- Journals and GRIP programs do NOT need signing; all other NX Open applications must be signed. If already signed, the tool reports that.
- For C++ only, the utility also outputs the compiler (linker) version used.
-validate output includes:
- Signed by — e.g. "Siemens Digital Industries Software" for Siemens-signed binaries.
- Signed in — the NX version of the utility used to sign.
- Compiled — the VC++ linker version, e.g.
14.20(onlysigncppreports this; get the current linker version vialink /?in an MS developer command window). Used to assess build compatibility. If the program was signed before this info was tracked, it returnsunknown.
You can also pass -validate to the report_custom_dirs utility to get signing info for programs in an application root directory (see Application directory report utility).
Programs running in NX
When an automation program loads interactively in NX, signing info is written automatically to the system log — useful for troubleshooting. The check only applies to the top-level of the automation program: if it calls into another shared object, checking happens on the top-level shared library, not the dependent library.
The Show Warning when Loading customer default can be set to report compiler compatibility issues to an Information window when the compiler version used for the program differs from the one used to build the running NX version.
Related Topics
- Signing applications
- Signing Process - Language specific details
- Feature based license checking
- License Management
- User-defined license contexts
- Named user NX licensing
Source: https://docs.sw.siemens.com/en-US/doc/209349590/PL20220512394070742.nxopen_prog_guide/signing_process · retrieved Tue Jul 07 2026 00:00:00 GMT+0000 (Coordinated Universal Time)