Record my first code signature

Code signature is a process of identifying the software. It adds the information of publishers to the software to check whether the software is modified or affected by viruses after it is released. Signing software before it is sold has become a professional practice in the industry. With the increasing security awareness of users, more and more users are restricting the download of unsigned software. Therefore, as a professional software company, signing software before it is sold has become an essential step.

To sign the code, you need to prepare the following:
1) code signature certificate and password;
2) code signing tool;
3) the URL of the timestamp server;

 

Code signing Tool
The code signing tool. Microsoft provides two sets of code signing tools,

1)signcode.exe, which was used since January 1, 1998 and is released with the. NET Framework SDK.

Signcode.exe code signing Tool

Makecert.exe create a code signature certificate

Cert2spc.exe converts the code signature certificate to the software publisher Certificate Format

2)signtool.exe, which is released with Visual Studio 2005 and later versions.

Signtool.exe code signing Tool

Makecert.exe create a code signature certificate

Cert2spc.exe converts the code signature certificate to the software publisher Certificate Format

Usage

In step 2, the tool is different from signcode.exe, which is used to input private and software verification certificates (pvkand SPC files). signtool.exe only needs to input the personal information interaction file (pfx) generated by the combination of PVK and SPC ).

 

Obtain the code signature certificate

For a code signature certificate, you need to purchase a code signature certificate and password from a trusted certificate authority. For example, you can purchase a code signature certificate from wosign, the following Certificate Authority.

Timestamp server, you can choose one of the following,
Http://timestamp.wosign.com/timestamp
Http://timestamp.wosign.com/rfc3161

1. Use signcode.exe as follows:
Signcode.exe-T <timestamp URL>-SPC mycert. SPC-V mykey. PVK "<file to be signed>" The path code signature file can be .exe,. dll,. ocx, or other executable files.

2)use signtool.exe, as shown below:

Now, you can use the signtool of wdk to sign your file. Click here to download the signtool signature tool. Signature command behavior:

XP, win7 user signtool sign/v/s my/T http://timestamp.wosign.com/timestamp test. Cab

Win7 user signtool sign/v/s my/TR http://timestamp.wosign.com/rfc3161 test. Cab

Where:

(1)/V: displays detailed signature results

(2)/s my: load the code signature certificate in the personal certificate library. Make sure that only one Microsoft code signature certificate is issued by wosign;

(3)/t,/TR: add the wosign free timestamp to the Code to ensure that the signed code never expires;

(4) test. Cab: The Windows file to be signed, such as. Cab,. dll, And. EXE.

The following example uses the signtool.exe signature:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/49/29/wKioL1QQHrqwH4mlAAFjNc1mOyI960.jpg "Title =" 6.jpg" alt = "wkiol1qqhrqwh4mlaafjnc1moyi960.jpg"/>

Record my first code signature