In a previous blog post
I presented my solution for automated code signing, which relied on PTFBPro to generate the necessary key strokes when the Enter Private Key Password
window would pop up.
A reader proposed another solution, which is cleaner: using SignTool.exe
instead of SignCode.exe
This requires the following steps:
- Convert the private key (PVK) and public key (SPC) pair to a personal information exchange file (PFX) using the pvk2pfx tool. I did this:
pvk2pfx -pvk key.pvk -spc key.spc -pi p@ssw0rd -pfx key.pfx
- Import the PFX Certificate. This is easy; just double click on the PFX file and this will launch the Certificate Import Wizard. Follow the instructions.
- Update the post build events in order to use signtool. In my case, I launch a small batch file which iterates over the specified files, signing them:
for %%f in (%1) do signtool.exe sign /a /n "OPaC" /d "OPaC bright ideas" /t http://timestamp.verisign.com/scripts/timstamp.dll "%%f"
I am specifiying which certificate to use with the /n option and the /d option is necessary to make the Vista installer happy. Without it, the MSI file which appears in the UAC prompt will have a random name.