发表新帖
发表新帖

Windows Code-Signing process & alternative to MS signtool.exe?

后端 未结
关注
4 654
有刺的猬
有刺的猬 2021-01-19 05:48

Using a non-Microsoft compiler, I have written small application for Windows that I\'d like to give away for free or sell for some trivial amount ($5 say). The program doesn

相关标签:
4条回答
  • 無奈伤痛
    2021-01-19 06:07

    There is kSign, and their blog also has an article about how to integrate with Inno Setup.

    It is not a complete replacement for signtool (i.e. it won't sign .cat and .sys files involved in signing driver packages) but it will will digitally sign EXE,DLL,COM,CAB and OCX files.

    0 讨论(0)
  • 佛祖请我去吃肉
    2021-01-19 06:12

    Catch 22: The only code signing tool I have heard of is signtool.exe which can only be obtained by downloading and installing at least 590 MB of other stuff (the SDK).

    No. You are not required to install the whole SDK to install signtool.exe. Use SDK Web installer and choose to install "Tools" only.

    However, the bad news is no signing tool will help you to bypass Windows warning if you have no CA-signed certificate because it is not possible to create something from nothing. The good news is many CA provides FREE code signing certificates for open-source developers, but you should use it to sign only FREE software. So, it is your choise: pay to CA and continue to sell your software, or do not pay and distribute it for free. It looks fair enough.

    0 讨论(0)
  • 野趣味
    2021-01-19 06:14

    Try this free application which also allows you to set other properties of the signed executable such as company name, details, product name, etc.

    0 讨论(0)
  • 余生分开走
    2021-01-19 06:17

    An alternative to signtool is Mono's signcode. Mozilla Developer Network has a very useful article on converting your certificate to SPC/PVK format and signing your EXE with Authenticode:

    Convert PFX to SPC/PVK

    openssl pkcs12 -in authenticode.pfx -nocerts -nodes -out key.pem
openssl rsa -in key.pem -outform PVK -pvk-strong -out authenticode.pvk
openssl pkcs12 -in authenticode.pfx -nokeys -nodes -out cert.pem
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out authenticode.spc

    Sign EXE

    signcode \
 -spc authenticode.spc \
 -v authenticode.pvk \
 -a sha1 -$ commercial \
 -n My\ Application \
 -i http://www.example.com/ \
 -t http://timestamp.verisign.com/scripts/timstamp.dll \
 -tr 10 \
 MyApp.exe

    Passphrases

    Unlike signtool, which accepts the passphrase as a command-line argument, it seems like signcode must be given the passphrase on standard input. I was able to use signcode [arguments] < passphrase.txt.

    0 讨论(0)
 看不清?
提交回复
热议问题