[Tool recommended]003.exe signature tool SignTool Use tutorial

Digital certificate, is really a magical thing, can ensure that the software is not modified, can indicate the date of the release of the file, the most important, can greatly reduce the anti-virus software false positives, of course, this will be the use of trusted institutions issued certificates.

It's not about applying for a certificate, it's about making your own certificate.

1. Install the Windows SDK

Both the Generate certificate and the signature tool are included, and Visual studio should have its own, and the tools used in the following can be found in the C:\Program Files\Microsoft Sdks\windows\v7.0a\bin

2. Create a certificate of

MSDN's Introduction to Makecert.exe (certificate Creation Tool):

The certificate Creation tool generates a certificate of only for a test purpose.
It creates a public and private key pair for digital signatures and stores it in a certificate file.
The tool also relates the key pair to the name of the specified publisher and creates a certificate that binds the user-specified name to the public part of the key pair.

Use this command line to create a certificate:

MAKECERT-SV abc.pvk-r-N "cn=xxx Company" Abc.cer

-SV ABC.PVK creates a key file to hold the private key, and you need to enter a password when you create it.

3. Create a Publisher Certificate

MSDN's Introduction to Cert2spc.exe (software publisher certificate testing tool):

The Publisher Certificate Test tool creates a Publisher certificate (SPC) from one or more of the certificates.
Cert2spc.exe is for testing purposes only.
You can obtain a valid SPC from a certification authority, such as VeriSign or Thawte.

Use the following command line to create the publisher certificate:

CERT2SPC Abc.cer ABC.SPC

4. Export the PFX certificate file

Export the PFX file from the pvk file using the Pvk2pfx.exe tool:

PVK2PFX-PVK Abc.pvk-pi mypassword-spc abc.spc-pfx abc.pfx-f

Replace the "MyPassword" password with the password entered in the second step

5. Sign your own software

Using SignTool.exe for signing, MSDN describes the SignTool.exe (signature tool):

The signing tool is a command-line tool for digitally signing files and verifying signatures in files and timestamp files.

If you want to sign Abc.exe:

SignTool sign/f abc.pfx/p MyPassword abc.exe

Replace the password with your own password.

6. Stamp your software with timestamps

You can use the timestamp service provided by Wosign: Http://timestamp.wosign.com/timestamp

SignTool timestamp/t Http://timestamp.wosign.com/timestamp Abc.exe

If the steps above are correct, then the result is this:

After signing, his software instantly becomes professional has wood has!

Of course, such a signature is just masturbation, there is no practical use, the real useful certificate or to the professional institutions to apply.

[Tool recommended]003.exe signature tool SignTool Use tutorial