windows:
1. Set the relevant content packaged window package.json
"win": {
"icon": "build/icons/icon.ico",
"target": [
{
"target": "nsis",
"arch": [
"w64",
"ia32"
]
}
],
"verifyUpdateCodeSignature": false,
"signingHashAlgorithms": [
"sha256",
"sha1"
],
"signDlls": true,
"rfc3161TimeStampServer": "http://timestamp.digicert.com",
"certificateFile": "xxx.pfx",
"certificatePassword": "xxxxxx"
},
The main parameters:
'Arch: representative of the number of bits required packaged, packed 64 on behalf of Win64, IA32 packed 32 on behalf of, preferably separately packaged, as it is packaged together with the last packet out of the bag is twice the normal development.
'SigningHashAlgorithms': the representative encryption method, generally divided into 'sha256' and 'sha1' in two ways, both can be encrypted.
'Rfc3161TimeStampServer': Representative timestamp is generally used 'http://timestamp.digicert.com' timestamp to be covered
'CertificateFile': address certificate, you must (will explain how to export in the second step of the time) bit pfx format
'CertificatePassword': the certificate private key password, which is set in the allocation of certificates (the second step to explain)
2. Export Certificate pfx format
The windows need to have a certificate of qualification related businesses to make a purchase, I was in the era security number to buy, buy now are based on certificate signature dog (similar to the u disk with banks ) issued a manner to ensure the safety issues . When plugged signature dog will automatically download a certificate management tools, you can can change the password on it, that is the first step certificatePassword value parameters above.
problem:
But the biggest problem is that there can not be exported pfx certificate, the certificate can only export cer format without the private key. It can be signed already finished packaged exe, it is clear that it is not appropriate for electron. End of packaged exe is signed, it can lead to problems can not be upgraded, so it will need to break into the certificate in the packaging of the time.
Solution:
Open the era of software security number (local signature dog is not inserted, if inserted, appear here and will buy certificates), right-certificate, export the certificate cer format, and then modify the suffix pfx, such as the export of test.cer, modify suffix below is named test.pfx, into the project root directory, certificateFile modify the first step is 'test.pfx' can (of course, test just an example, the name of the custom)
3. Packaging
This time, the signature on the windows already, and you run the packaging commands it!
npm run build
Since we are not exported pfx certificate with a private key, it will pop up during packaging pop prompt you to enter a password, enter your password in the second step. The whole can not pull down your signature dog, or signing off.
After the successful operation, carried out on the property right-click your package out of exe, you can see the signature success:
macOS:
1. Production Certificate: