Test Microsoft SignTool commands

2min

This section demonstrates two Microsoft SignTool commands (signtool sign and signtool verify).
The signtool sign command applies specifically to this integration because it is the only SignTool command that initiates communication with the KMES Series 3. SignTool must be able to access the private key that is stored on the KMES to complete the code signing operation successfully.
Sign a file using the configured code signing certificate
The following example signs an .exe file, but you can sign other types of files by using SignTool. Refer to the following URL for details: https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-tools﻿
1
Open the Windows command prompt and run the following command (Replace MyCertificate with the Subject Name of your certificate and example.exe with the name of the file that you are signing):
PowerShell
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
﻿
If the command succeeds, you see the following message:
PowerShell
Done Adding Additional Store
Successfully signed: example.exe
Done Adding Additional Store
Successfully signed: example.exe
﻿
Verify the file that was signed
1
To verify the file that was signed, run the following command:
PowerShell
signtool verify /pa example.exe
signtool verify /pa example.exe
﻿
If the command succeeds, you see the following message:
PowerShell
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
﻿
﻿
﻿

Updated 19 Feb 2024

Did this page help you?

Associate a private key with a certificate

Credential management