    Signing an executable with Authenticode

    This article describes how to digitally sign your executable file, mainly a Windows application installer, with a Microsoft Authenticode Digital ID.

    Introduction

    Microsoft has, of course, its own signing tools in the SDK, but another option is to use Mono. Mono's signing tools allow us to sign an executable even on a Mac or Linux box. The steps described here assume you're working on a Mac.

    Install Mono

    Download and install the latest version of the Mono Framework. It's open source and free software!

    Set path

    export PATH=${PATH}:/Library/Frameworks/Mono.framework/Commands

    Export your certificate

    1. Open the Certificate Manager on Windows. Click the Start button and type certmgr.msc into the Search box.
    2. Find the certificate of your organization.
    3. Right-click on the certificate and select All Tasks > Export.
    4. In the Certificate Export Wizard, click Next.
    5. Select "Yes, export the private key" and click Next.
    6. Check "Include all certificates in the certificate path if possible" and click Next.
    7. Enter a password of your choice to protect your private key and click Next.
    8. Enter the file name, e.g. authenticode.pfx.
    9. Finish the export. The PFX file will be saved to your desktop.

    Convert your certificate to SPC/PVK format

    With OpenSSL, convert the PFX file to PVK and SPC files. OpenSSL comes preinstalled on the Mac.

    openssl pkcs12 -in authenticode.pfx -nocerts -nodes -out key.pem
    openssl rsa -in key.pem -outform PVK -pvk-strong -out authenticode.pvk
    openssl pkcs12 -in authenticode.pfx -nokeys -nodes -out cert.pem
    openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out authenticode.spc

    Once you have the PVK and SPC files, store them securely. Delete the PFX and PEM files; key.pem in particular holds the private key unencrypted, because it was exported with -nodes.

    Sign

    signcode \
     -spc authenticode.spc \
     -v authenticode.pvk \
     -a sha1 -$ commercial \
     -n My\ Application \
     -i http://www.example.com/ \
     -t http://timestamp.verisign.com/scripts/timstamp.dll \
     -tr 10 \
     MyApp.exe
    

    Document Tags and Contributors

    Contributors to this page: George3, Kohei
    Last updated by: Kohei,