In a previous
blog post I presented my solution for automated code signing, which relied on PTFBPro to generate the necessary key strokes when the
Enter Private Key Password window would pop up.
A reader proposed another solution, which is cleaner: using
SignTool.exe instead of
SignCode.exe.
This requires the following steps:
- Convert the private key (PVK) and public key (SPC) pair to a personal information exchange file (PFX) using the pvk2pfx tool. I did this:
pvk2pfx -pvk key.pvk -spc key.spc -pi p@ssw0rd -pfx key.pfx
- Import the PFX Certificate. This is easy; just double click on the PFX file and this will launch the Certificate Import Wizard. Follow the instructions.
- Update the post build events in order to use signtool. In my case, I launch a small batch file which iterates over the specified files, signing them:
for %%f in (%1) do signtool.exe sign /a /n "OPaC" /d "OPaC bright ideas" /t http://timestamp.verisign.com/scripts/timstamp.dll "%%f"
I am specifiying which certificate to use with the /n option and the /d option is necessary to make the Vista installer happy. Without it, the MSI file which appears in the UAC prompt will have a random name.