Friday 29 January 2016

How to sign a code or dll using code signing certificate?

Alternative of :-

  • How to sign ActiveX using code signing certificate?
  • How to sign a code or dll using certificate?
  • How to use SignCode tools to sign a file?
  • How to use SignTool tools to sign a file?
  • How to sign Cab, .dll and .exe files using certificate and signing tools?



As a software developer its comman to sign created code, file using code signing certificate.
Or its we got "unknown publisher" or "publisher not verified" while installing our software on windows.
Most of the time we try to find shortcuts and 100% tested process that could solve our problem.
Today i am going to share how to sign code, ddl or cab file using inbuilt MS tools.
Its very easy simple and 1-2 lines of command line code.

So basicaly to sign a code we need to follow the following steps:-
1. Get code signing certificate. That we could get from any of the given link
https://www.digicert.com/code-signing/
https://www.instantssl.com/code-signing-certificate.html
https://www.globalsign.com/en/code-signing-certificate/
or else search tearm Verisign / Thawte / Entrust / Comodo / Globalsign etc CAs on google.

2. We could get code signin certificates in to way (files)
a. .spc and .pvk
b. .pfx

3. Go to CMD run as administrator
cd\
cd Program Files (x86)\Windows Kits\8.1\bin\x64

4. For .spc and .pvk
SignCode -prog "c:\mykey\Mycabfile.cab" -spc "c:\mykey\MyCert.spc" -pvk "c:\mykey\MyKey.pvk"

5. For .pfx
signtool sign /f "c:\mykey\CodeSign.pfx" /p pass_word_12345678 /tr http://tsa.starfieldtech.com/timestampurl /td SHA256 "c:\mykey\Mycabfile.cab"


Note:For CAB files, space should be allocated for the digital signature by adding the following entry to your DDF file before creating the cab file:
Set ReservePerCabinetSize=6144.

Referance:
https://msdn.microsoft.com/library/8s9b9yaz(v=vs.100).aspx
https://msdn.microsoft.com/en-us/library/aa231196(v=vs.60).aspx