How to sign EXE using signtool with Verisign SPC and PVK on the command line?

EDN Admin

I have a newly-minted Verisign certificate in the form of a SPC and PVK file, and I can sign EXEs and CABs flawlessly using the wizard.  How can I do the same from the command line?  I use the following steps to sign using the wizard, and it works great every time:

Simply run "signtool signwizard" to start the signing wizard.

1. File Selection: Choose the EXE you wish to sign (ie, RSInstaller.exe)

2. Signing Options: Choose "Custom"

3. Signature Certificate: Click "Select from File" and choose "mycredentials.spc"

4. Private Key: Select "Private key file on disk" and choose "myprivatekey.pvk"
    - Leave CSP at "Microsoft Strong Cryptographic Provider"
    - Leave Provider Type at "RSA FULL"

5. Private Key Password: Enter "xxxxxxxxxx"

6. Hash Algorithm: Leave it at sha1

7. Additional Certificates:
    - Leave it at "All certificates in the certification path, including the root"
    - Leave it at "No additional certificates"

8. Data Description: Enter the following:
    - Description: Red Swoosh Installer
    - Web Location: http://www.redswoosh.net

9. Digital Signature Wizard:
    - Enable "Add a timestamp to the data"
    - Timestamp service URL: http://timestamp.verisign.com/scripts/timstamp.dll
        * Note: This enables the signature to work forever; not sure
                        what this means but the Verisign guy was pretty excited about it

10. Review and click OK

11. Enter private key password: Enter "xxxxxxxxxxx"

12. Done!

However, I have no luck whatsoever with the command line.  After a bunch of trial and error, here's the best I can come up with:

    signtool sign /f mycredentials.spc /p xxxxxxxxxx /csp "Microsoft Strong Cryptographic Provider" /v /k myprivatekey.pvk /sha1 7E1C84D7F90B9A3F17DF5425D9B86DDD0D23816E RSInstaller-2.000-157.exe

The following certificate was selected:
    Issued to: Red Swoosh, Inc.
    Issued by: VeriSign Class 3 Code Signing 2004 CA
    Expires:   8/5/2007 4:59:59 PM
    SHA1 hash: 7E1C84D7F90B9A3F17DF5425D9B86DDD0D23816E

SignTool Error: The specified private key container was not found.

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

What am I doing wrong?

I apologize if this is the wrong group; I'm not sure where best to address this issue, and any pointers you have would be appreciated.

-david
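
An added example, not part of the original post: one command-line equivalent of the wizard steps above. signtool's /k option names a private key container inside a CSP rather than a .pvk file on disk, and /f with /p is meant for a PFX file, so this sketch first bundles the SPC and PVK into a PFX with pvk2pfx and then signs with that. KEY_PASSWORD (an environment variable) and mycredentials.pfx are hypothetical names; both tools are assumed to be on PATH from the Windows SDK.

```bat
@echo off
rem Added example: batch equivalent of wizard steps 1-12.
rem Assumptions: pvk2pfx.exe and signtool.exe are on PATH;
rem KEY_PASSWORD is a hypothetical environment variable with the key password.
setlocal

set "SPC=mycredentials.spc"
set "PVK=myprivatekey.pvk"
set "PFX=mycredentials.pfx"
set "TARGET=RSInstaller.exe"

if not defined KEY_PASSWORD (
    echo KEY_PASSWORD is not set 1>&2
    exit /b 1
)

rem Steps 3-5: combine certificate (SPC) and private key (PVK) into one PFX.
rem -pi is the PVK password, -po the password set on the new PFX, -f overwrites.
rem The PFX holds the private key, so protect it as carefully as the PVK.
pvk2pfx -pvk "%PVK%" -pi "%KEY_PASSWORD%" -spc "%SPC%" -pfx "%PFX%" -po "%KEY_PASSWORD%" -f
if errorlevel 1 exit /b 1

rem Step 8: /d is the description, /du the web location.
rem Step 9: /t is the timestamp service URL from the post.
rem Step 6: older signtool builds default to SHA-1; newer SDK builds
rem take /fd to choose the file digest algorithm.
signtool sign /f "%PFX%" /p "%KEY_PASSWORD%" /d "Red Swoosh Installer" /du "http://www.redswoosh.net" /t "http://timestamp.verisign.com/scripts/timstamp.dll" /v "%TARGET%"
if errorlevel 1 exit /b 1

rem Confirm the signature and timestamp chain under the default
rem Authenticode verification policy (/pa).
signtool verify /pa /v "%TARGET%"
exit /b %errorlevel%
```

A password passed with /p or -pi is visible in the process command line while the tool runs, so run this on a build host where that exposure is acceptable.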

