Stack Overflow
Stack Overflow

Questions tagged [signtool]

The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files.

The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. For information about why signing files is important, see Introduction to Code Signing. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.

SignTool is available as part of the Windows SDK, which you can download.

342 questions
15
votes
4 answers

Where is the signtool.exe located in windows 10 SDK?

I'm searching for the latest version of sign tool. Already installed latest windows 10 SDK, but signtool.exe date did not change.
Markus
  • 1,360
  • 1
  • 16
  • 22
15
votes
1 answer

How do I securely store a .pfx password to use in MSBuild?

I need to add certificate signing to my build. Below is a sample of the working script I wrote, however it includes the password to the .pfx file. I can't keep the password in the build script. What are "best practices" or hacks that you would use…
Dan
  • 280
  • 3
  • 9
15
votes
4 answers

Signtool allows me to sign code but Set-AuthenticodeSignature says the "certificate is not suitable for code signing"

I have a self-signed code signing certificate, made with the directions from this answer, that works fine when used with signtool.exe, however if I try to sign using Set-AuthenticodeSignature, it fails. Why can I sign using signtool, but not using…
Scott Chamberlain
  • 124,994
  • 33
  • 282
  • 431
13
votes
2 answers

SignerSign() failed. (-2146869243/0x80096005)

I've been signing compiled apps for several months and have a script that calls the Windows 10 SDK signtool. It's been working fine on two different computers and my certificate is valid. Today, I just started getting an "Unexpected internal…
David Cornelius
  • 437
  • 1
  • 5
  • 12
13
votes
0 answers

SignerTimeStampEx2() failed

I'm using signtool to code sign some Windows setup files and application executables. The command that I'm using is: signtool sign /f "\path\to\certfile.pfx" /p "certPassword" /tr http://tsa.starfieldtech.com /td SHA256 "path\to\setup.exe" The /tr…
Ron Ratzlaff
  • 298
  • 3
  • 13
13
votes
3 answers

Automated Code Signing - Protecting the private key

I want to automate the code signing of some ClickOnce deployment artifacts - application exe's and manifests. I am using signtool to accomplish this. In an attempt to make the private key available for signing and yet protect the certificate file…
Ron Ratzlaff
  • 298
  • 3
  • 13
13
votes
4 answers

Why I get "The specified PFX password is not correct" when trying to sign application with signtool?

I followed this link to sign my exe application. I installed SDK tool on Windows 7, run C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin>makecert.exe -sv App-O.pvk -n "CN=MY DIGITAL KEY" App-O.cer Dialog opened to provide password: I wrote…
Maxim Shoustin
  • 77,483
  • 27
  • 203
  • 225
12
votes
2 answers

Is it possible to dual-sign installer and uninstaller with sha1 and sha256 certificates?

Is it possible in Inno Setup to sign the Uninstaller and Installer with sha1 and sha256 at the same time? I know that it is possible to sign the Executable with both certs via command tool, but want to know if this is possible to achieve with…
RobeN
  • 5,346
  • 1
  • 33
  • 50
12
votes
3 answers

Publisher Unknown after successfully running signTool

I'm trying to create a test certificate and sign a .MSI file I have created. I need to get the test version working with a signed .MSI before we can purchase a real security certificate. I have performed the following steps to sign my .MSI file.…
Kris
  • 514
  • 3
  • 6
  • 19
11
votes
1 answer

SignTool Not Signing ClickOnce App Using SHA256, Only Uses SHA1

I'm trying to sign my clickonce app. I have an EV code signing certificate that is using SHA256. The problem is that when I sign my app using the post build commands, it seems to be using SHA1 instead of SHA256. Here is a clip of the output…
jwitt98
  • 1,194
  • 1
  • 16
  • 30
10
votes
4 answers

SignTool.exe Sporadically Fails with Exit Code 1

As part of our build system, we use signtool.exe with a certificate to sign our binaries once they've been built. Occasionally (it's hard to tell when it will strike), the signing fails: error MSB3073: The command "C:\Program Files\Microsoft Visual…
ashes999
  • 9,925
  • 16
  • 73
  • 124
10
votes
1 answer

STATUS_NOT_FOUND as "An unexpected internal error" in signtool.exe

My question is related to this one. Alas, that question is about a different CA (Symantec) and uses a different hardware token (from Safenet) and while the provided solution(s) there match the error code, the circumstances of my case don't (among…
0xC0000022L
  • 20,597
  • 9
  • 86
  • 152
10
votes
5 answers

"Error: SignerSign() failed." (-2147023673/0x800704c7)

While using signtool for code signing on our buildserver jenkins shows the following error message: Done Adding Additional Store Error information: "Error: SignerSign() failed." (-2147023673/0x800704c7) SignTool Error: An unexpected internal error…
Dirk W.
  • 121
  • 1
  • 7
10
votes
6 answers

How to install SignTool.exe for VS 2017?

After upgrade to VS 2017 i got "Error An error occurred while signing: SignTool.exe not found." But only using MSbuild on the Visual Studio publish there's no problem. I already checked folder "C:\Program Files (x86)\Microsoft…
Vitor Silva
  • 161
  • 1
  • 1
  • 11
10
votes
1 answer

Code signing with both sha1 and sha256 simultaneously?

Due to Windows changing their security policies, we are planning to begin code-signing driver files with the SHA-256 algorithm instead of SHA-1. However, we still want to be able to support older OS's that still require SHA-1 signing. Using…
ksun
  • 1,369
  • 2
  • 13
  • 21
1
2
3
22 23