Windows/codesign
From Attie's Wiki
Revision as of 23:47, 25 November 2015
How to Sign a Binary for Windows
The tools used below come with the Microsoft SDKs.
In my case, they can be found here: C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\
%HOMEDRIVE%
rem Quoted so that a profile path containing spaces still yields a single directory
mkdir "%HOMEPATH%\sign_bin"
cd "%HOMEPATH%\sign_bin"
set PATH=%PATH%;C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\
set SUPER_SECURE_PASSWORD=test123
set BINARY_TO_SIGN=\path\to\bin.exe

rem Generate a root certificate for this machine
makecert ^
  -n "CN=My Root Cert,O=%COMPUTERNAME%" ^
  -r ^
  -pe ^
  -a sha512 ^
  -len 4096 ^
  -cy authority ^
  -sv %COMPUTERNAME%.pvk ^
  %COMPUTERNAME%.cer
pvk2pfx ^
  -pvk %COMPUTERNAME%.pvk ^
  -spc %COMPUTERNAME%.cer ^
  -pfx %COMPUTERNAME%.pfx ^
  -po %SUPER_SECURE_PASSWORD%

rem Install %COMPUTERNAME%.cer
certmgr.exe -add %COMPUTERNAME%.cer -s -r localMachine root

rem Generate a task-specific certificate
makecert ^
  -n "CN=codesign@%COMPUTERNAME%" ^
  -iv %COMPUTERNAME%.pvk ^
  -ic %COMPUTERNAME%.cer ^
  -pe ^
  -a sha512 ^
  -len 4096 ^
  -sky signature ^
  -eku 1.3.6.1.5.5.7.3.3 ^
  -sv codesign@%COMPUTERNAME%.pvk ^
  codesign@%COMPUTERNAME%.cer
pvk2pfx ^
  -pvk codesign@%COMPUTERNAME%.pvk ^
  -spc codesign@%COMPUTERNAME%.cer ^
  -pfx codesign@%COMPUTERNAME%.pfx ^
  -po %SUPER_SECURE_PASSWORD%

rem Install codesign@%COMPUTERNAME%.pfx
rundll32.exe cryptext.dll,CryptExtAddPFX codesign@%COMPUTERNAME%.pfx

rem Sign the binary
signtool ^
  sign ^
  /t http://timestamp.verisign.com/scripts/timstamp.dll ^
  /f "codesign@%COMPUTERNAME%.pfx" ^
  /p %SUPER_SECURE_PASSWORD% ^
  /d %BINARY_TO_SIGN% ^
  %BINARY_TO_SIGN%
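To confirm that the signing step produced what the script intended, the following PowerShell check is an added example, not part of the original wiki page. The function name Test-LocalCodeSignature is hypothetical, and the last line assumes PowerShell was started from the same session so that BINARY_TO_SIGN is still set.

```powershell
# Added example (not from the original page). Run it on the machine that
# generated the certificates; the names below mirror the makecert calls.
function Test-LocalCodeSignature {
    param([Parameter(Mandatory = $true)][string]$Path)

    $codeSigningEku = '1.3.6.1.5.5.7.3.3'            # OID given to makecert -eku
    $expectedSigner = "codesign@$env:COMPUTERNAME"   # CN of the task-specific cert
    $expectedIssuer = 'My Root Cert'                 # CN of the root cert
    $problems = @()

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Covers an unsigned file, a modified file, or a root that is not trusted
        $problems += "Status is $($sig.Status): $($sig.StatusMessage)"
    }

    $cert = $sig.SignerCertificate
    if ($null -eq $cert) {
        $problems += 'No signer certificate found'
    } else {
        $signer = $cert.GetNameInfo('SimpleName', $false)   # subject CN
        $issuer = $cert.GetNameInfo('SimpleName', $true)    # issuer CN
        if ($signer -ne $expectedSigner) { $problems += "Unexpected signer: $signer" }
        if ($issuer -ne $expectedIssuer) { $problems += "Unexpected issuer: $issuer" }

        # Collect the EKU OIDs on the signer certificate
        $ekus = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
        if ($ekus -notcontains $codeSigningEku) { $problems += 'Code-signing EKU missing' }
    }

    # signtool /t should have added a timestamp countersignature
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems += 'No timestamp countersignature'
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Assumption: BINARY_TO_SIGN was inherited from the cmd session used above
Test-LocalCodeSignature -Path $env:BINARY_TO_SIGN
```

A Valid status here depends on the root certificate being in the local machine's trusted root store, so the same file will not validate on other machines. The root's private key (%COMPUTERNAME%.pvk) remains in sign_bin, and anything signed with it is trusted on this machine.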