Knowledgebase Home | Glossary | Favorites | Login
Signing .exe/.cab/.dll using signtool

Before you can get started, you'll need a code-signing certificate and associated private key. You can buy one from a commercial Certification Authority (CA) such as Mango CA.

To do the actual code signing, you can use the Sign Tool (signtool.exe) command-line utility that Microsoft bundles in the Windows SDK. You can download the SDK for Windows 7 and .NET Framework 4 from the Microsoft Download Center.

The following command adds the catalog file MyCatalogFileName.cat to the system component and driver database. The /v option generates a unique name if necessary to prevent replacing an existing catalog file named MyCatalogFileName.cat.

    signtool catdb /v /u MyCatalogFileName.cat

The following command signs a file automatically by using the best certificate.

    signtool sign /a MyFile.exe

The following command digitally signs a file by using a certificate stored in a password-protected PFX file.Unknown Object

    signtool sign /f MyCert.pfx /p MyPassword MyFile.exe

The following command digitally signs and time-stamps a file. The certificate used to sign the file is stored in a PFX file.

    signtool sign /f MyCert.pfx /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe

The following command signs a file by using a certificate located in the My store that has a subject name of My Company Certificate.

    signtool sign /n "My Company Certificate" MyFile.exe

The following command signs an ActiveX control and provides information that is displayed by Internet Explorer when the user is prompted to install the control.

    Signtool sign /f MyCert.pfx /d: "MyControl" /du http://www.example.com/MyControl/info.html MyControl.exe

The following command time-stamps a file that has already been digitally signed.

    signtool timestamp /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe

The following command verifies that a file has been signed.

    signtool verify MyFile.exe

The following command verifies a system file that may be signed in a catalog.

    signtool verify /a SystemFile.dll

The following command verifies a system file that is signed in a catalog named MyCatalog.cat.

    signtool verify /c MyCatalog.cat SystemFile.dll

Article Details

Last Updated
4th o February, 2013

Related Articles
No related articles were found.
Attachments
No attachments were found.

Continue

Powered by Mango Certifying Authority