Code signing on Windows

Marty Knapp martyknappster at gmail.com
Thu Mar 6 20:01:39 EST 2025 

Thanks Matthias, I’ll give that a try.

---
Marty Knapp
> On Mar 6, 2025, at 3:11 AM, matthias rebbe via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> Marty,
> 
> you could use signtool.exe
> https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
> 
> which is part of the Windows SDK kit
> 
> https://developer.microsoft.com/windows/downloads/windows-sdk
> 
> to automatic signing in Innosetup using the dongle
> https://jrsoftware.org/ishelp/index.php?topic=setup_signtool
> I am not sure if that page already covers signing with a dongle, but at least you see how to setup innosetup for use with signtool.
> You'll find the correct parameters  at the end of this email.
> 
> It is mandatory that your USB dongle is  connected to your computer and also the drivers for that USB token  must be installed correctly.
> When connecting the USB dongle to your computer you automatically should be asked for your "access" password. The password which allows to access the token. After entering this your certificate is available for signing using signtool.exe.
> 
> 
> The sign command would look like this
> 
> signtool.exe sign /n ##certowner## /tr ##timestampserver## /td sha256 /fd sha256 /v ##file(s)##
> 
> ##certowner##    -  name of the cert owner
> 
> ##timestampserver## - the url for the timestamp server - this is information is normally provided with the certificate
> ##files##  - path the the file or files to be signed
> 
> 
> If only one code signing certificate is on the token then you could use
> 
> signtool sign /a  /tr ##timestampserver## /td sha256 /fd sha256 /v ##file(s)##
> 
> Parameter /a searches for the best available code signing certificate that is valid for the longest time.
> 
> 
> 
> Btw. about 5 months ago I posted this here in the list. Maybe this is also of help for you.
> 
> <<
> WinSignHelperV2 is now available in the Sample stacks section of LC. 
> Just search for WinSignHelperV2. 
> It is also here available https://livecodeshare.runrev.com/stack/1040/WinSignHelperV2
> 
> The tool builds the correct  signtool.exe parameters and execute signtool.exe
> 
> It was now successfully tested with  Cloudbased code signing certificate and also with a code signing certificate on a USB token.
> 
> You just drag the folder which contains the .exe and any additional .dll files to the stack and the tool creates the command with all parameters and executes signtool.exe then.
> 
> Signtool.exe is part of the Windows sdk. A download url for the sdk can be found in the help section of the main stack.
> 
> The main stack is password protected.
> 
> This stack only works on Windows, regardless if on a VM or on real hardware.
> 
> So if anyone is interested, then give it a try.
>>> 
> 
> HTH
> Matthias
> 
> 
>> Am 06.03.2025 um 00:56 schrieb Marty Knapp via use-livecode <use-livecode at lists.runrev.com>:
>> 
>> Just had to renew my code signing certificate for Windows. Used K Soft as before but the certificate came from Sectigo (dang expensive) and came on a USB dongle. I exported the certificate so I could use my automated setup using Inno setup and the K Sign app which worked great before. Can’t get it to work. Anybody gone down this road? Tech support seems to be non-existent from either Sectigo or K Soft.
>> 
>> ---
>> Marty Knapp
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list