Rob MacFadyen writes:
Ok.. so to automate signcode such that is does not prompt
for a password the steps are as follows:
- Get the keyimprt.exe tool
http://msdn.microsoft.com/vba/technical/pvk.asp
Note: This is a self extracting exe that expands into another self
extracting exe (named the same), that then extracts to an
installer. The installer then installs 2 files (again the .exe name
is the same) - Import your .SPC and .PVK using the tool and instructions
from #1. This will ask for your password. Pick the store
explicitly, and pick the "Personal" store.
- Use the "certmgr.exe" tool to view your new key and
determine what it's common name (cn) is. You can start certmgr.exe
from IE by Tools->Internet Options, then on the "Content" tab
click the "Certificates..." button
- Use signcode.exe as follows (line breaks add for
clarity):
signcode.exe
-s my
-cn "Your Cert CN"
-t
http://timestamp.verisign.com/scripts/timstamp.dll
"YourFileToSign"
Note: If you specify the "YourFileToSign" incorrectly you get a
cryptic message: "One or more input parameters are invalid."
instead of a more useful "file not found" message (there's 2 hours
I'll never get back).
That's it... you may also want to include the "-info" switch
to add a url that is displayed to the user as "more
info".
posted on
Saturday, August 09, 2003 11:48 AM |