Signing an executable with Authenticode

This article describes how to digitally sign your executable file, mainly a Windows application installer, with a Microsoft Authenticode Digital ID.

Introduction

Microsoft ships its own signing tools with the Windows SDK, but another option is Mono. Mono's signing tools let you sign an executable even on a Mac or Linux box. The steps described here assume you're working on a Mac.

Install Mono

Download and install the latest version of the Mono framework. It's open source and free software!

Set path

export PATH=${PATH}:/Library/Frameworks/Mono.framework/Commands

Export your certificate

  1. Open the Certificate Manager on Windows. Click the Start button and type certmgr.msc into the Search box.
  2. Find the certificate of your organization.
  3. Right-click on the certificate and select All Tasks > Export.
  4. In the Certificate Export Wizard, click Next.
  5. Select "Yes, export the private key" and click Next.
  6. Check "Include all certificates in the certificate path if possible" and click Next.
  7. Enter a password of your choice to protect the private key and click Next.
  8. Enter the file name, e.g. authenticode.pfx.
  9. Complete the export. The PFX file is written to your desktop.

Convert your certificate to SPC/PVK format

Use OpenSSL to convert the PFX file into a PVK file (the private key) and an SPC file (the certificate chain), which are the formats Mono's signcode expects. OpenSSL ships with macOS. The pkcs12 commands prompt for the password you chose when exporting; the rsa command prompts for a new password that protects the PVK file.

# extract the private key; -nodes writes key.pem unencrypted
openssl pkcs12 -in authenticode.pfx -nocerts -nodes -out key.pem
# wrap the key in password-protected PVK format for signcode
openssl rsa -in key.pem -outform PVK -pvk-strong -out authenticode.pvk
# extract the certificate chain (no keys)
openssl pkcs12 -in authenticode.pfx -nokeys -nodes -out cert.pem
# bundle the certificates into a DER-encoded PKCS#7 file, i.e. the SPC
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out authenticode.spc

Once you have the PVK and SPC files, keep them in safe custody: the PVK holds your private signing key. Delete the PFX and PEM files, since key.pem contains that same private key unencrypted.
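The following script is an added example and is not code from the MDN page. It wraps the four openssl commands above so that the unencrypted intermediates only ever exist in a private temporary directory, checks that the exported private key actually matches the signing certificate before writing the PVK, and removes the intermediates on exit. It assumes openssl is on PATH and, as an assumption of the example rather than the page, that the PFX password is supplied in the PFX_PASSWORD environment variable instead of at a prompt.

```shell
#!/bin/sh
# Added example, not code from the MDN page: wraps the page's four openssl
# commands in a script that keeps the intermediates private, checks that the
# exported private key belongs to the signing certificate, and cleans up.
# Assumes openssl on PATH and the PFX password in PFX_PASSWORD (assumption;
# the page's commands prompt for it instead).
set -eu

# Return 0 when the RSA private key ($1, PEM) and the certificate ($2, PEM)
# share the same modulus, i.e. the key is the one the certificate certifies.
# Any unreadable, missing or non-RSA input counts as a mismatch.
check_pair() {
  km=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
  cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$km" ] && [ "$km" = "$cm" ]
}

# PFX -> authenticode.pvk + authenticode.spc in the current directory.
# The unencrypted key.pem never leaves a mode-700 temp dir removed on exit.
convert_pfx() {
  pfx=$1
  umask 077                          # everything we create is owner-only
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT         # cleanup on success, failure or Ctrl-C

  # Same extraction as the page, password taken from the environment.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nocerts -nodes -out "$work/key.pem"
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nokeys -out "$work/chain.pem"
  # -clcerts keeps only the end-entity certificate, the one the key must match.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nokeys -clcerts -out "$work/leaf.pem"

  if ! check_pair "$work/key.pem" "$work/leaf.pem"; then
    echo "error: private key in $pfx does not match its certificate" >&2
    return 1
  fi

  # openssl prompts here for the PVK password that signcode will ask for later.
  openssl rsa -in "$work/key.pem" -outform PVK -pvk-strong -out authenticode.pvk
  openssl crl2pkcs7 -nocrl -certfile "$work/chain.pem" -outform DER -out authenticode.spc
  echo "wrote authenticode.pvk and authenticode.spc (mode 0600); intermediates removed"
}

# Usage: PFX_PASSWORD='...' sh convert.sh authenticode.pfx
if [ $# -gt 0 ]; then
  convert_pfx "$1"
fi
```

Run it as PFX_PASSWORD='...' sh convert.sh authenticode.pfx from the directory where the PVK and SPC should land. The modulus comparison catches a PFX that was exported from the wrong certificate entry before a useless PVK is written. With OpenSSL 3, PFX files exported by older Windows versions use legacy PKCS#12 encryption and may need the -legacy flag added to each pkcs12 command.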

Sign

signcode \
 -spc authenticode.spc \
 -v authenticode.pvk \
 -a sha1 -$ commercial \
 -n My\ Application \
 -i https://www.example.com/ \
 -t https://timestamp.verisign.com/scripts/timstamp.dll \
 -tr 10 \
 MyApp.exe
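As an added example, not code from the MDN page, the script below runs signcode with exactly the flags shown above but refuses to proceed unless the target is a PE executable and the PVK file is readable by its owner only, and then verifies the fresh signature with chktrust, the Authenticode checker that ships with Mono alongside signcode. It assumes signcode and chktrust are on PATH (see "Set path" above); the description, URL and timestamp server are the page's own placeholder values. Note that the page signs with -a sha1: Microsoft has deprecated SHA-1 code signatures, so confirm what the Windows versions you target still accept before relying on that flag.

```shell
#!/bin/sh
# Added example, not code from the MDN page: runs signcode with the flags
# shown on the page, but only after checking the inputs, and verifies the
# result with chktrust (Mono's signature checker, installed next to signcode).
# Assumes signcode and chktrust on PATH; description, URL and timestamp
# server are the page's placeholder values.
set -eu

# 0 if $1 starts with the "MZ" DOS header that every PE executable carries,
# 1 otherwise: a guard against signing something that is not a Windows binary.
is_pe_file() {
  [ -f "$1" ] && [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

# 0 if $1 is readable by its owner only (mode 600 or 400), 1 otherwise.
# The PVK is the signing key; a group- or world-readable copy discloses it.
# GNU stat (-c) is tried first, then the BSD/macOS form (-f).
is_private() {
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null) || return 1
  case $mode in
    600|400) return 0 ;;
    *)       return 1 ;;
  esac
}

# sign_exe EXE PVK SPC: check the inputs, sign, then verify what was produced.
sign_exe() {
  exe=$1 pvk=$2 spc=$3
  is_pe_file "$exe" || { echo "error: $exe is not a PE executable" >&2; return 1; }
  is_private "$pvk" || { echo "error: $pvk must be mode 600 (chmod 600 $pvk)" >&2; return 1; }
  [ -f "$spc" ]     || { echo "error: certificate file $spc not found" >&2; return 1; }

  signcode \
    -spc "$spc" \
    -v "$pvk" \
    -a sha1 '-$' commercial \
    -n "My Application" \
    -i https://www.example.com/ \
    -t https://timestamp.verisign.com/scripts/timstamp.dll \
    -tr 10 \
    "$exe"

  # Do not ship what you have not verified: chktrust re-checks the Authenticode
  # signature and certificate chain of the file and exits non-zero if either is bad.
  chktrust "$exe"
}

# Usage: sh sign.sh MyApp.exe authenticode.pvk authenticode.spc
if [ $# -eq 3 ]; then
  sign_exe "$1" "$2" "$3"
fi
```

The two guards are cheap but catch the mistakes that matter most on a build box: signing the wrong artifact, and leaving the signing key in a file other users can read. Because signcode prompts for the PVK password, run the script interactively or from a build step that can supply a terminal.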

 Contributors to this page: teoli, Kohei, George3
 Last updated by: Kohei,