Test Microsoft SignTool commands - Futurex Documentation

This section demonstrates two Microsoft SignTool commands (signtool sign and signtool verify). The signtool sign command applies specifically to this integration because it is the only SignTool command that initiates communication with the KMES Series 3. SignTool must be able to access the private key that is stored on the KMES to complete the code signing operation successfully.

Sign a file using the configured code signing certificate

The following example signs an .exe file, but you can sign other types of files by using SignTool. Refer to the following URL for details: https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-tools

Open the Windows command prompt and run the following command (ReplaceMyCertificate with the Subject Name of your certificate and example.exe with the name of the file that you are signing):

Powershell

signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe

If the command succeeds, you see the following message:

None

Done Adding Additional Store
Successfully signed: example.exe

Verify the file that was signed

To verify the file that was signed, run the following command:

Powershell

signtool verify /pa example.exe

If the command succeeds, you see the following message:

None

File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe

⌘I

​Sign a file using the configured code signing certificate

​Verify the file that was signed

Sign a file using the configured code signing certificate

Verify the file that was signed