signtool

I'm trying to build a tool that will mass sign a bunch of files based on Kernel-Mode Code Signing requirements. I know that signtool can take an additional certificate for cross-signatures trust via the /ac argument, but have not been able to figure out how to do the same using SignerSign or SignerSignEx. I've even spied on signtool's API calls, and mirroring them does not seems to produce the same affect. Be aware, signtool or other command-line utilities cannot be used for this purpose due to project constraints. Is there any documentation or examples on how to accomplish this? Okay, after

I make an exe file for Windows 8 RT. But when I want to run, show an error message: "Windows cannot verify the digital signature for this file. ..." I get a developer licence for windows 8 RT . With this license visual studio 2012 can remotely deploy and run metro application in my surface. But I want to sign manually my exe file with this certificate using signtool.exe : signtool.exe sign -s CertStoreName -n "subject name" C:\mytest.exe My problem is that I don't know the "CertStoreName" and "subject name" for my developer licence. How can I get these names. The developer license just allows

I recently got a new code signing certificate. I'm using MSBuild's SignFile task to sign an application manifest. For some reason the task is returning: MSB3481: The signing certificate could not be located. Ensure that it is in the current user's personal store. The certificate is definitely in my personal store, I can see it in certmgr.msc. And I believe that I'm logged in as the same user since I'm able to sign the manifest using a different certificate that is in the same personal store. Not sure why this new certificate cannot be found. I'm even able to use signtool.exe with the new

We sign our executables on the build server. Suddenly the build server failed to build giving the error: SingTool Error: The sepcified timestamp server either could not be reached or returned an invalid response. After changing the timestamp server to http://sha256timestamp.ws.symantec.com/sha256/timestamp , singing did work again. Are there any issues with our old url? Why is it not available anymore? Could we have some (security) issues with the old signed files or the new url? I know this is a little bit broad I just don't want to miss anything... Heldai I asked Symantec about that, so they

Is it possible in Inno Setup to sign the Uninstaller and Installer with sha1 and sha256 at the same time? I know that it is possible to sign the Executable with both certs via command tool, but want to know if this is possible to achieve with SignTool in Inno. Autoanswer... Yes, this is possible. As @Wosi suggested you can write a batch and then call it with $f parameter added. Sample batch (signtool.bat): @echo off "PATH_TO_SIGNTOOL\signtool.exe" sign /v /du "COMPANY_NAME" /fd sha1 /t "http://timestamp.verisign.com/scripts/timstamp.dll" /f "sha1_cert.pfx" /p PASSWORD %1 set SIGN_RESULT_1=

I have issued myself a Code Signing certificate from a certificate server. I have also issued myself the root certificate from the same certificate server. The root certificate exists in both the Current User and Local Computer certificate stores within the Trusted Root Certification Authorities folder. I have successfully signed a DLL using the signtool.exe wizard: "C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" signwizard <MyDLLName>.dll However, when I try to verify my DLL, it fails verification with the following error: "C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin

How to install SignTool.exe in Visual Studio 2015 for Windown 10? I tried to build my project but the program threw an error : Error An error occurred while signing: SignTool.exe not found. You need to install the Windows 10 SDK. Visual Studio 2015 Update 1 contains it already, but it is not installed by default. You should go to Control Panel -> Programs and Features, find Microsoft Visual Studio 2015 and select "Change". Visual Studio 2015 setup will start. Select "Modify". In Visual Studio components list find "Universal Windows App Development Tools", open the list of sub-items and select

There are many sites that explain how to run signtool.exe on a .pfx certificate file, which boil down to: signtool.exe sign /f mycert.pfx /p mypassword /t http://timestamp.server.com \ /d "My description" file1.exe file2.exe I have a continuous integration CI process setup (using TeamCity) which like most CI processes, does everything: checks out source, compiles, signs all .exes, packages into an installer, and signs the installer .exe. There are currently 3 build agents, running identical VMs, and any of them can run this process. Insecure implementation To accomplish this today, I do a