\[privateKeyFile\] \[importFirst\]"

  #
  # NOTE: Indicate to the caller, if any, that we have failed.
  #
  exit 1
}

proc maybeForceHashAlgorithm { certificate keyPairType } {
  #
  # HACK: Some key pair types, e.g. DSA v1, require hard-coded
  #       hash algorithms, e.g. SHA1.  Do that now, if needed.
  #
  if {$keyPairType eq "DSA"} then {
    $certificate HashAlgorithm SHA1
  }
}

proc isScriptFile { fileName } {
  switch -exact -- [file extension $fileName] {
    .tcl -
    .tk -
    .test -
    .eagle {

  set embedPrefix "# <<CERTIFICATE-1.0>>"
  set embedSuffix "# <</CERTIFICATE-1.0>>"

  #
  # NOTE: Grab the public key we need to verify that our signing
  #       process worked correctly.
  #
  set publicKey [keypair open \
      -alias -public $publicKeyFile]

  #
  # NOTE: Grab the private key we need to actually create the
  #       detached certificate for the data file.
  #
  set privateKey [keypair open \
      -alias -public -private $privateKeyFile]

  #
  # NOTE: Has embedded certificate handling been requested?
  #       If so, make sure we can actually do it.
  #
  if {$embed && [isScriptFile $fileName]} then {
    set shouldEmbed true

    #
    set certificateFile $fileName

    #
    # NOTE: Import the license certificate.
    #
    set certificate [certificate import $fileName]
    maybeForceHashAlgorithm $certificate [$privateKey KeyPairType]

    #
    # HOOK: Post-certificate object creation (import).
    #
    catch {certificate_hook phase1}

    #

    #
    if {$importFirst} then {
      set certificate [certificate import -alias $certificateFile]
    } else {
      set certificate [object create -alias \
          Licensing.Components.Public.Certificate]
    }

    maybeForceHashAlgorithm $certificate [$privateKey KeyPairType]

    #
    # HOOK: Post-certificate object creation (create).
    #
    catch {certificate_hook phase1}

    #