Signing Code using Microsoft’s signtool


Now that we have our code signing certificate in place let us see whether we can use it.


  1. Preparing Code Signing Certificate using Microsoft’s makecert

Command Line

Rather than use Visual Studio, Eclipse, and other modern IDEs will just go directly to the command line and utilize Microsoft’s signtool

Sample Code

Batch File


set "_appFolder=C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\"

set "_app=signtool.exe"

set "_store=My"

set "_appTarget=stub.exe"

set "_urlTimeServer="

goto useCertName


set "_subject=Daniel Adeniji ( codesign self )"

"%_appFolder%\%_app%" sign /s %_store% /tr "%_urlTimeServer%" /n "%_subject%"  %_appTarget%

goto complete


set "_certhash=6543843ADABB05C1223AA031C1984DDFEEB5F021"

"%_appFolder%\%_app%" sign /s %_store%  /tr "%_urlTimeServer%" /sha1 "%_certhash%" %_appTarget%

goto complete





Let us go review the signed file

Windows Explorer

Please launch Windows Explorer, select the file, right click on your selection, and review it’s property.

File Property


Windows Explorer – File Property – Digital Signatures

Here we notice we have a new tab, Digital Signatures

Windows Explorer – File Property – Digital Signature Details
Signer Information
  1. Signer Name :- Daniel
  2. Email :- No Name
    • Need to fix that and ensure that we have a name in a later iteration preparing SSL certificates
  3. Signing Time

View Certificate
View Certificate – Tab – General
  1. Purpose
    • Ensures software came from software publisher
    • Protects software from alteration after publication
View Certificate – Tab – Details
  1. Enhanced Key Usage
    • Code Signing (

View Certificate – Tab – Certification Path
  1. Path
    • Daniel (codesign self)
      • Daniel ( codesign root )



  1. Microsoft
    • Docs / .NET / .NET Framework / Windows Communication Foundation / WCF Feature Details
      • How to: Retrieve the Thumbprint of a Certificate
    • Microsoft | TechNet
      • Scott’s IT Blog
        • Working with Certificates in PowerShell
    • Code Signing for Developers – An Authenticode How-To
  3. digicert
    • Authenticode Code Signing with Microsoft SignTool
    • Vincent Lynch
      • Best Practices for Timestamping

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s