Test Microsoft SignTool commands

4min
This section runs the following Microsoft SignTool commands: signtool sign and signtool verify.
The signtool sign command is relevant to this integration because it is the only SignTool command that initiates communication with the . SignTool must be able to access the private key stored in  to complete the code signing operation successfully.
Sign a file
The following example signs an .exe file, but you can sign other types of files by using SignTool. See the following document for details: https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-tools﻿
Perform the following steps to sign a file using the configured code Signing certificate:
1
Open PowerShell or Windows Command Prompt and run the following command, replacing MyCertificate with the Subject Name of your certificate and example.exe with the name of the file that you are signing:
PowerShell
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
﻿
If the command succeeds, you should receive the following message:
Text
Done Adding Additional Store
Successfully signed: example.exe
Done Adding Additional Store
Successfully signed: example.exe
﻿
Verify the file
To verify the file that was signed, run the following command:
Text
signtool verify /pa example.exe
signtool verify /pa example.exe
﻿
If the command succeeds, you should see output similar to the following example:
Text
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
﻿
﻿
Associate a private key with a certificate
Credential management