Code Signing (Digital Signature) using Signtool

The following command adds the catalog file MyCatalogFileName.cat to the system component and driver database. The /v option generates a unique name if necessary to prevent replacing an existing catalog file named MyCatalogFileName.cat.

signtool catdb /v /u MyCatalogFileName.cat

The following command signs a file automatically by using the best certificate.

signtool sign /a MyFile.exe

The following command digitally signs a file by using a certificate stored in a password-protected PFX file.

signtool sign /f MyCert.pfx /p MyPassword MyFile.exe

The following command digitally signs and time-stamps a file. The certificate used to sign the file is stored in a PFX file.

signtool sign /f MyCert.pfx /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe

The following command signs a file by using a certificate located in the My store that has a subject name of My Company Certificate.

signtool sign /n "My Company Certificate" MyFile.exe

The following command signs an ActiveX control and provides information that is displayed by Internet Explorer when the user is prompted to install the control.

Signtool sign /f MyCert.pfx /d: "MyControl" /du http://www.example.com/MyControl/info.html MyControl.exe

The following command time-stamps a file that has already been digitally signed.

signtool timestamp /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe

The following command verifies that a file has been signed.

signtool verify MyFile.exe

The following command verifies a system file that may be signed in a catalog.

signtool verify /a SystemFile.dll

The following command verifies a system file that is signed in a catalog named MyCatalog.cat.

signtool verify /c MyCatalog.cat SystemFile.dll
 

Share