Automating signcode

1 minute read

Rob MacFadyen writes:

_Ok.. so to automate signcode such that is does not prompt for a password the steps are as follows:_ > > 1. _Get the keyimprt.exe tool []( Note: This is a self extracting exe that expands into another self extracting exe (named the same), that then extracts to an installer. The installer then installs 2 files (again the .exe name is the same)_ > 2. _Import your .SPC and .PVK using the tool and instructions from #1. This will ask for your password. Pick the store explicitly, and pick the "Personal" store._ > 3. _Use the "certmgr.exe" tool to view your new key and determine what it's common name (cn) is. You can start certmgr.exe from IE by Tools->Internet Options, then on the "Content" tab click the "Certificates..." button_ > 4. _Use signcode.exe as follows (line breaks add for clarity): `signcode.exe   -s my   -cn "Your Cert CN"   -t   "YourFileToSign"` Note: If you specify the "YourFileToSign" incorrectly you get a cryptic message: "One or more input parameters are invalid." instead of a more useful "file not found" message (there's 2 hours I'll never get back)._ > > _That's it... you may also want to include the "-info" switch to add a url that is displayed to the user as "more info"._ > >