Automating signcode


Rob MacFadyen
writes:

Ok.. so to automate signcode such that is does not prompt
for a password the steps are as follows:

  1. Get the keyimprt.exe tool
    http://msdn.microsoft.com/vba/technical/pvk.asp

    Note: This is a self extracting exe that expands into another self
    extracting exe (named the same), that then extracts to an
    installer. The installer then installs 2 files (again the .exe name
    is the same)

  2. Import your .SPC and .PVK using the tool and instructions
    from #1. This will ask for your password. Pick the store
    explicitly, and pick the “Personal” store.
  3. Use the “certmgr.exe” tool to view your new key and
    determine what it’s common name (cn) is. You can start certmgr.exe
    from IE by Tools->Internet Options, then on the “Content” tab
    click the “Certificates…” button
  4. Use signcode.exe as follows (line breaks add for
    clarity):
    signcode.exe
      -s my
      -cn "Your Cert CN"
      -t
    http://timestamp.verisign.com/scripts/timstamp.dll
      "YourFileToSign"

    Note: If you specify the “YourFileToSign” incorrectly you get a
    cryptic message: “One or more input parameters are invalid.”
    instead of a more useful “file not found” message (there’s 2 hours
    I’ll never get back).

That’s it… you may also want to include the “-info” switch
to add a url that is displayed to the user as “more
info”.