原文:http://www.yaosansi.com/post/1453.html
How to sign EXE using signtool with Verisign SPC and PVK on the command line?
run "signtool signwizard" to start the signing wizard.
1. File Selection: Choose the EXE you wish to sign (ie, yaosansi.com.exe)
2. Signing Options: Choose "Custom"
3. Signature Certificate: Click "Select from File" and choose "mycredentials.spc"
4. Private Key: Select "Private key file on disk" and choose "myprivatekey.pvk"
- Leave CSP at "Microsoft Strong Cryptographic Provider"
- Leave Provider Type at "RSA FULL"
5. Private Key Password: Enter "xxxxxxxxxx"
6. Hash Algorithm: Leave it at 'sha1'
7. Additional Certificates:
- Leave it at "All certificates in the certification path, including the root"
- Leave it at "No additional certificates"
8. Data Description: Enter the following:
- Description:yaosansi.com
- Web Location: http://www.yaosansi.com
9. Digital Signature Wizard:
- Enable "Add a timestamp to the data"
- Timestamp service URL: http://timestamp.verisign.com/scripts/timstamp.dll
- 这里还有两个免费的时间戳服务器
a.http://timestamp.wosign.com/timestamp
b.http://timestamp.comodoca.com/authenticode
* Note: This enables the signature to work forever; not sure
what this means but the Verisign guy was pretty excited about it
10. Review and click OK
11. Enter private key password: Enter "xxxxxxxxxxx"
12. Done!
相关文章:
白话数字签名(番外篇)——签名EXE文件(上)
白话数字签名(番外篇)——签名EXE文件(下)
签名工具 (SignTool.exe)
