News
Knowledgebase
Code Signing for Windows

 Code Signing for Windows

 

Windows Software Development Kit (SDK) contains headers, libraries, and tools you can use when you create apps that run on Windows operating systems.

To download the Windows Software Development Kit (SDK) click here.

 

Important SignTool Options:

  • /ac  -  Specify an Additional Certificate.
  • /a  -  Automatically selects the best certificate to sign the file from your  Windows Certificate Store.
  • /fd SHA256  -  Specify the file digest algorithm used in creating file signatures.(Windows Vista and earlier:  This flag is not supported).
  • /t  -  Specifies the URL of the time stamp server.
  • /td SHA256  -  Must be called after "/tr", this command specifies the TimeStamp digest Algorithm. *Recommended*
  • /sha1 Hash  - Used to select the signing certificate by the SHA-1 Hash      
  • /csp CSPName  -  Specifies the cryptographic service provider (CSP) that contains the private key container.

 

The following command signs the file using a certificate stored in a password-protected PFX file:

SignTool sign /f MyCert.pfx /p MyPassword MyControl.exe

 

The following command signs and time stamps the file:

SignTool sign /f MyCert.pfx /t http://timestamp.comodoca.com/rfc3161 MyControl.exe

 

To verify the successful signature use the following commands:

Authenticode: signtool verify /v /pa
Kernel Driver Signing: signtool verify /v /kp

(3 vote(s))
Helpful
Not helpful

Comments (0)
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.