How many people out there knew that the command-line tool signtool.exe in the .NET SDK actually has a built-in GUI wizard? (Yes, geeks/developers enjoy wizards sometimes too.) 😀
If you have the .NET Framework SDK 2.0 installed, you can launch the wizard by running: “%programfiles%\Microsoft.NET\SDK\v2.0 64bit\Bin\signtool.exe signwizard” (on a 64-bit installation)
I just had to try this one, so I started by creating a self-signed code signing certificate in my certificate store with the command “makecert.exe -ss My -r -a sha1 -n "E=firstname.lastname@example.org,CN=Fredrik DXter Jonsson" -eku 1.3.6.1.5.5.7.3.3”. After that, I added the certificate that was created to my trusted roots store. Now, let's go through the wizard! 🙂
The wizard starts.
I select a binary I have made.
I select a typical signing.
I choose to select a certificate from my certificate store.
I select my self-signed code signing certificate. The wizard only displays code signing certificates (with the EKU 1.3.6.1.5.5.7.3.3). For example, my personal S/MIME certificate is not displayed here.
I click next after I have selected my certificate.
I choose to add some descriptions to my cool application. 😉
I prefer to timestamp my signature as well, so I let VeriSign take care of that. 🙂
And now we are done!
If we take a look at the properties of our signed file, we now see that we have a digital signature…
… that is valid and that has a countersignature from VeriSign! 😉
I guess nobody can blame signing difficulties anymore as a reason not to sign. However, since I DON’T recommend using self-signed certificates in production, I believe that the price for a commercial code signing certificate is still a show stopper for small projects. 😉
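The properties check at the end of the walkthrough, and the self-signed caveat, can also be scripted. The following PowerShell is an added example, not part of the original post; the function name Test-CodeSignature and the file name MyApp.exe are hypothetical. It reports whether the signature is valid, whether the signer certificate carries the code signing EKU, whether it is self-signed, and whether a timestamp countersignature is present.

```powershell
# Added example, not from the original post. Test-CodeSignature is a hypothetical name.
function Test-CodeSignature {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $codeSigningEku = '1.3.6.1.5.5.7.3.3'   # EKU OID for code signing
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate          # $null when the file is unsigned

    $hasEku = $false; $selfSigned = $false; $subject = $null; $algorithm = $null
    if ($cert) {
        # Find the Enhanced Key Usage extension and look for the code signing OID.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if ($eku) {
            $hasEku = @($eku.EnhancedKeyUsages |
                Where-Object { $_.Value -eq $codeSigningEku }).Count -gt 0
        }
        # A self-signed certificate names itself as issuer.
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        $subject    = $cert.Subject
        $algorithm  = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA for -a sha1
    }

    [pscustomobject]@{
        Path               = $Path
        Status             = $sig.Status            # Valid only if hash and chain check out
        StatusMessage      = $sig.StatusMessage
        Signer             = $subject
        HasCodeSigningEku  = $hasEku
        SelfSigned         = $selfSigned
        SignatureAlgorithm = $algorithm
        Timestamped        = ($null -ne $sig.TimeStamperCertificate)
    }
}

# Usage (MyApp.exe is a hypothetical file name):
# Test-CodeSignature -Path .\MyApp.exe | Format-List
```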
// Fredrik “DXter” Jonsson