How to purchase a code signing certificate and sign a file exe

One answer

  STEP 1: ORDERING CERTIFICATE

    1. Choose a CA (Certificate Authority), such as Globalsign, Symantec, Thawte or VeriSign, and via their website, buy a code signing certificate from them.
    During the ordering process, your private and public keys will be generated, too, by your browser, and the private key stored on your computer (and only there).
    The process is quite involved – you will have to really prove that your company exists for real and is what it is, including its name. You will typically have to send paper documents, copies of utility bills or similar. This is needed only once – next year, if you renew the code signing certificate, it will be a much simpler process.

    2. When the CA has processed your application, you get to download your code signing certificate, and you pair it with the private key that was generated when you ordered.

    What many first-time users miss is that the private key indeed exists only on your particular local computer, maybe in your particular browser’s local files. So it is paramount that you use the same browser on the same PC to assemble it all. Once that is done, you can copy your key+certificate files (but they should always be stored safely, because anyone who gets access to them can sign code in your name.)

  STEP 2: CODE SIGNING

    1. Produce your final EXE or DLL, using any tool (such as InnoSetup). The tool does not matter. You just need the final EXE or DLL. (Theoretically, you could even sign someone else’s EXE, but of course you shouldn’t do that.)

    2. Sign the EXE or DLL using Windows’s signtool. It can work in command-line or GUI mode. The parameters to signtool are (a) your EXE or DLL, (b) your private key and certificate (typically stored together in a single file), (c) optionally a URL to a time-stamping service (you should normally use this – there are free time-stamping services available).

    3. Done – you now have an EXE or DLL signed with your company’s name, verified by the CA.
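The signing and verification steps from STEP 2, as an added PowerShell example that is not part of the answer above. It assumes `signtool.exe` from the Windows SDK is on the PATH, that the key and certificate were exported together as a PFX file, and uses assumed file paths and a placeholder time-stamp URL that you must replace with the RFC 3161 service your CA recommends.

```powershell
# Added example: sign an EXE with a PFX (private key + certificate) using signtool,
# then verify the result. Paths, file names and the time-stamp URL are assumptions.
$Exe          = 'C:\build\MyInstaller.exe'              # assumed: output of your build tool
$Pfx          = 'C:\keys\company-codesign.pfx'          # assumed: key + certificate exported as PFX
$TimestampUrl = 'http://TIMESTAMP-SERVER-PLACEHOLDER/'  # placeholder: your CA's RFC 3161 time-stamp URL

# Prompt for the PFX password instead of hard-coding it in the script.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR(
            [Runtime.InteropServices.Marshal]::SecureStringToBSTR($PfxPassword))

# /f  : the PFX holding key + certificate      /fd SHA256 : digest algorithm for the file hash
# /tr : RFC 3161 time-stamp server, so the signature stays valid after the certificate expires
# /td : digest algorithm used for the time-stamp
& signtool.exe sign /f $Pfx /p $plain /fd SHA256 /tr $TimestampUrl /td SHA256 $Exe
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify with the default Authenticode policy (/pa), verbose (/v) to see the chain and time-stamp.
& signtool.exe verify /pa /v $Exe
if ($LASTEXITCODE -ne 0) { throw "signature verification failed with exit code $LASTEXITCODE" }

# Independent check with PowerShell's built-in cmdlet; Status should be 'Valid'.
$sig = Get-AuthenticodeSignature -FilePath $Exe
'{0}: {1} (signer: {2})' -f $Exe, $sig.Status, $sig.SignerCertificate.Subject
```

Both checks should agree: `signtool verify` exits 0 and `Get-AuthenticodeSignature` reports `Valid`. A signature without a time-stamp is only trusted until the certificate expires, which is why `/tr` is used here even though the answer marks it optional. The PFX is the item the answer warns about: keep it off general-purpose machines and restrict who can read it, because anyone holding that file and its password can produce signatures in your company's name.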
