Friday, February 02, 2007

Windows Code Signing (Authenticode)

signtool.exe which comes with Windows Visual Studio 2005 has totally different command line options than signcode.exe, the later being part of the original Microsoft Authenticode toolkit and came bundled with Windows Visual Studio 2003.

If your migrating your code signing from VC7 to VC8 you'll need to take your PRIVATEKEYFILE and SPCFILE that you get from Verisign, Thawte, Geotrust, etc. and create a pfx file. This pfx file will be used to sign your files.


Creating a pfx file:

pvk2pfx.exe -pvk PRIVATEKEYFILE -spc SPCFILE -pfx your_new_pfx_filename.pfx

Signing a file:

signtool.exe sign /f PATH_TO_PFX_FILE -t http://timestamp.verisign.com/scripts/timstamp.dll /v $(OutDir)\$(TargetFileName)

See signtool.exe for more options.
See pvk2pfx.exe for more options.

No comments: