> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Test Microsoft SignTool commands

> Procedural guide demonstrating how to run signtool sign and verify commands using an HSM-backed certificate.

This section shows you how to run two Microsoft SignTool commands (**signtool sign** and **signtool verify**).

The **signtool sign** command pertains more specifically to this integration because it is the only signtool command that initiates communication with the Vectera Plus. SignTool must be able to access the private key that is stored on the Vectera Plus to complete the code-signing operation successfully.

## Sign a file by using the certificate

Perform the following steps to sign a file by using the configured code-signing certificate:

<Note>
  The following example shows an `.exe` file being signed, but you can sign several other types of files by using SignTool. Refer to the following URL for details: [https://docs.microsoft.com/enus/windows/win32/seccrypto/cryptography-tools](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-tools)
</Note>

<Steps>
  <Step>
    Open the Windows Command Prompt application and run the following command, replacing the **MyCertificate** placeholder with the **Subject Name** of your certificate and `example.exe` with the name of the file that you are signing:

    ```powershell expandable lines wrap title="Powershell" theme={null}
    signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
    ```

    <Check>
      If the command succeeds, you should receive the following message:

      ```powershell expandable lines wrap title="Powershell" theme={null}
      Done Adding Additional Store
      Successfully signed: example.exe
      ```
    </Check>
  </Step>
</Steps>

### Verify the file

Perform the following seps to verify the signed file:

<Steps>
  <Step>
    To verify the file that was signed, run the following command:

    ```powershell expandable lines wrap title="Powershell" theme={null}
    signtool verify /pa example.exe
    ```

    <Check>
      If the command succeeds, you should see output similar to the following example:

      ```powershell expandable lines wrap title="Powershell" theme={null}
      File: example.exe
      Index  Algorithm  Timestamp
      ========================================
      0      sha1       None

      Successfully verified: example.exe
      ```
    </Check>
  </Step>
</Steps>
