How to sign EXE using signtool with Verisign SPC and PVK on the command line?

run “signtool signwizard” to start the signing wizard.

  1. File Selection: Choose the EXE you wish to sign (ie,
  2. Signing Options: Choose “Custom”
  3. Signature Certificate: Click “Select from File” and choose “mycredentials.spc”
  4. Private Key: Select “Private key file on disk” and choose “myprivatekey.pvk”
    • Leave CSP at “Microsoft Strong Cryptographic Provider”
    • Leave Provider Type at “RSA FULL”
  5. Private Key Password: Enter “xxxxxxxxxx”
  6. Hash Algorithm: Leave it at ‘sha1’
  7. Additional Certificates:
    • Leave it at “All certificates in the certification path, including the root”
    • Leave it at “No additional certificates”
  8. Data Description: Enter the following:
  9. Digital Signature Wizard:

  10. Review and click OK
  11. Enter private key password: Enter “xxxxxxxxxxx”
  12. Done!