The wizard in signtool.exe – digital signing for dummies…

How many people out there knew that the command line tool signtool.exe in the .NET SDK actually had a built in GUI wizard? (yes, geeks/developers enjoys wizards sometimes too)

 

If you have the .NET Framework SDK 2.0 installed, you can launch the wizard by running: “%programfiles%\Microsoft.NET\SDK\v2.0 64bit\Bin\signtool.exe signwizard” (on a 64-bit installation)

 

I just had to try this one, so I started by creating a self signed code signing certificate in my certificate store with the command “makecert.exe -ss My -r -a sha1 -n "E=dxter@ghostzone.net,CN=Fredrik DXter Jonsson" -eku 1.3.6.1.5.5.7.3.3”. And after that, I added the certificate that was created to my trusted roots store. Now, lets go through the wizard!

 

 

The wizard starts.

 

 

I select a binary I have made.

 

 

I select a typical signing.

 

 

I choose to select a certificate from my certificate store.

 

 

I select my self signed code signing certificate. The wizard only display’s code signing certificates (with the EKU 1.3.6.1.5.5.7.3.3). For example, my personal S/MIME certificate is not displayed here.

 

 

I click next after I have selected my certificate.

 

 

I choose to add some descriptions to my cool application.

 

 

I prefer to timestamp my signature as well, so I let VeriSign take care of that.

 

 

And now we are done!

 

 

Yeah!

 

 

If we take a look at the properties of our signed file, we now see that we have a digital signature…

 

 

… that is valid and that has a countersignature from VeriSign!

 

 

I guess nobody can blame signing difficulties anymore as a reason not to sign. However, since I DON’T recommend to use self signed certificates in production, I believe that the price for a commercial code signing certificate is still a show stopper for small projects.

 

 

// Fredrik “DXter” Jonsson

No related posts.