Code Signing (Digital Signature) using Signtool Rumi, February 4, 2013 The following command adds the catalog file MyCatalogFileName.cat to the system component and driver database. The /v option generates a unique name if necessary to prevent replacing an existing catalog file named MyCatalogFileName.cat. signtool catdb /v /u MyCatalogFileName.cat The following command signs a file automatically by using the best certificate. signtool sign /a MyFile.exe The following command digitally signs a file by using a certificate stored in a password-protected PFX file. signtool sign /f MyCert.pfx /p MyPassword MyFile.exe The following command digitally signs and time-stamps a file. The certificate used to sign the file is stored in a PFX file. signtool sign /f MyCert.pfx /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe The following command signs a file by using a certificate located in the My store that has a subject name of My Company Certificate. signtool sign /n "My Company Certificate" MyFile.exe The following command signs an ActiveX control and provides information that is displayed by Internet Explorer when the user is prompted to install the control. Signtool sign /f MyCert.pfx /d: "MyControl" /du http://www.example.com/MyControl/info.html MyControl.exe The following command time-stamps a file that has already been digitally signed. signtool timestamp /t http://timestamp.verisign.com/scripts/timstamp.dll MyFile.exe The following command verifies that a file has been signed. signtool verify MyFile.exe The following command verifies a system file that may be signed in a catalog. signtool verify /a SystemFile.dll The following command verifies a system file that is signed in a catalog named MyCatalog.cat. signtool verify /c MyCatalog.cat SystemFile.dll PKI Code SignSignTool