SignTool.exe is a command-line tool for Microsoft's official release, used to digitally sign documents, and verify that the file timestamp and signature files, Microsoft introduced the official document: https: //docs.microsoft.com/zh-cn / dotnet / framework / tools / signtool-exe
This tool is automatically installed with Visual Studio, if your computer has Visual Studio installed, then you may find it in the following directory:
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe
C:\Program Files\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe
The command-line tool can only be run in DOS, no graphical interface.
SignTool.exe use the file requires the use of a certificate * .pfx format of the digital signature .
1. exe program for digital signatures
# / P <passwd> represents pfx certificate to open password
SignTool Sign / f MyCert.pfx / the p-MyPassword MyFile.exe
2. dll file digital signature
signtool sign /f MyCert.pfx /p MyPassword MyFile.dll
3. digitally signed and time stamped
signtool sign /f MyCert.pfx /t http://timestamp.digicert.com MyFile.exe
4. timestamps the exe program has been signed, if the exe program is not signed can not be time-stamped.
signtool timestamp /t http://timestamp.digicert.com MyFile.exe
5. * .crt certificate format is converted into the format * .pfx
# Format conversion requires two files: a private key (xxxx.key) and certificate (xxxx.crt) OpenSSL will ask you to set a password to open the pfx certificate # conversion certificate format, you can simply press the Enter key does not set a password. PKCS12 OpenSSL -export - in xxxx.crt -inkey xxxx.key - OUT xxxx.pfx
...