The wizard in signtool.exe – digital signing for dummies…

How many people out there knew that the command line tool signtool.exe in the .NET SDK actually had a built in GUI wizard? (yes, geeks/developers enjoys wizards sometimes too) 😀

 

If you have the .NET Framework SDK 2.0 installed, you can launch the wizard by running: “%programfiles%Microsoft.NETSDKv2.0 64bitBinsigntool.exe signwizard” (on a 64-bit installation)

 

I just had to try this one, so I started by creating a self signed code signing certificate in my certificate store with the command “makecert.exe -ss My -r -a sha1 -n "E=dxter@ghostzone.net,CN=Fredrik DXter Jonsson" -eku 1.3.6.1.5.5.7.3.3”. And after that, I added the certificate that was created to my trusted roots store. Now, lets go through the wizard! 🙂

 

 

image

The wizard starts.

 

 

image

I select a binary I have made.

 

 

image

I select a typical signing.

 

 

image

I choose to select a certificate from my certificate store.

 

 

image

I select my self signed code signing certificate. The wizard only display’s code signing certificates (with the EKU 1.3.6.1.5.5.7.3.3). For example, my personal S/MIME certificate is not displayed here.

 

 

image

I click next after I have selected my certificate.

 

 

image

I choose to add some descriptions to my cool application. 😉

 

 

image

I prefer to timestamp my signature as well, so I let VeriSign take care of that. 🙂

 

 

image

And now we are done!

 

 

image

Yeah! 😀

 

 

image

If we take a look at the properties of our signed file, we now see that we have a digital signature…

 

 

image

… that is valid and that has a countersignature from VeriSign! 😉

 

 

I guess nobody can blame signing difficulties anymore as a reason not to sign. However, since I DON’T recommend to use self signed certificates in production, I believe that the price for a commercial code signing certificate is still a show stopper for small projects. 😉

 

 

// Fredrik “DXter” Jonsson

5 thoughts on “The wizard in signtool.exe – digital signing for dummies…

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: