Test Microsoft SignTool commands - Futurex Documentation

This section shows you how to run two Microsoft SignTool commands (signtool sign and signtool verify). The signtool sign command pertains more specifically to this integration because it is the only signtool command that initiates communication with the Vectera Plus. SignTool must be able to access the private key that is stored on the Vectera Plus to complete the code-signing operation successfully.

Sign a file by using the certificate

Perform the following steps to sign a file by using the configured code-signing certificate:

The following example shows an .exe file being signed, but you can sign several other types of files by using SignTool. Refer to the following URL for details: https://docs.microsoft.com/enus/windows/win32/seccrypto/cryptography-tools

Open the Windows Command Prompt application and run the following command, replacing the MyCertificate placeholder with the Subject Name of your certificate and example.exe with the name of the file that you are signing:

Powershell

signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe

If the command succeeds, you should receive the following message:

Powershell

Done Adding Additional Store
Successfully signed: example.exe

Verify the file

Perform the following seps to verify the signed file:

To verify the file that was signed, run the following command:

Powershell

signtool verify /pa example.exe

If the command succeeds, you should see output similar to the following example:

Powershell

File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe

⌘I

​Sign a file by using the certificate

​Verify the file

Sign a file by using the certificate

Verify the file