Test Microsoft SignTool commands

3min

This section shows you how to run two Microsoft SignTool commands (signtool sign and signtool verify).
The signtool sign command pertains more specifically to this integration becasue it is the only SignTool command that initiates communication with the . SignTool must be able to access the private key that is stored on the  to complete the code-signing operation successfully.
Sign a file by using the configured code-signing certificate
The following example shows an .exe file being signed, but you can sign several other types of files by using SignTool. Refer to the following URL for details: https://docs.microsoft.com/enus/windows/win32/seccrypto/cryptography-tools﻿
1
Open the Windows Command Prompt application and run the following command, replacing MyCertificate with the Subject Name of your certificate and example.exe with the name of the file that you are signing:
PowerShell
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
﻿
If the command succeeds, you should receive the following message:
PowerShell
Done Adding Additional Store
Successfully signed: example.exe
Done Adding Additional Store
Successfully signed: example.exe
﻿
Verify the file that was signed
1
To verify the file that was signed, run the following command:
PowerShell
signtool verify /pa example.exe
signtool verify /pa example.exe
﻿
If the command succeeds, you should see output similar to the following example:
PowerShell
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
﻿
﻿

Updated 20 Aug 2024

Did this page help you?

Associate a private key with a certificate

Credential management