安装包签名

最近项目安装包要搞数字签名，申请Symantec的证书后，具体签名方法如下，使用signtool工具

方法如下：

SHA-1 with Timestamp

 

signtool.exe sign /a /s MY /n "Common name" /fd sha1 /t http://timestamp.verisign.com/scripts/timstamp.dll /v "<file to be signed>"

SHA-256 with RFC 3161 Timestamp

signtool.exe sign /a /s MY /n "Common name" /fd sha256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /v "<file to be signed>"

Note: Replace <password> with the password specified when the PFX file was created (omit /p if there was no password set). Replace <file to be signed> with the name of the file you will be signing.

Note: If you are signing the file by use a certificate stored in a password protected PFX file, simply use the arguments "/f YourCertFileName.pfx /p pfxpassword"   instead of "/a /s MY /n "Common name"  in the command.

 

注意：Common name 是已经导入到电脑里证书名