windows-authenticode-signer
Sign Windows executables with Authenticode using signtool. This skill configures code signing for Windows applications with standard and EV certificates, timestamping, and CI/CD integration.
Capabilities
- Sign executables with Authenticode
- Configure EV certificate signing
- Set up timestamping servers
- Sign with Azure Key Vault
- Configure CI/CD signing workflows
- Verify existing signatures
- Sign DLLs and nested binaries
- Configure dual SHA1/SHA256 signing
Input Schema
{
"type": "object",
"properties": {
"executablePath": { "type": "string" },
"certificateSource": { "enum": ["file", "store", "azure-keyvault", "digicert"] },
"timestampServer": { "type": "string" },
"hashAlgorithm": { "enum": ["SHA256", "SHA1", "dual"] }
},
"required": ["executablePath"]
}
Signing Commands
# Sign with PFX file
signtool sign /f certificate.pfx /p password /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyApp.exe
# Sign with certificate store
signtool sign /n "My Company" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyApp.exe
# Sign with Azure Key Vault
AzureSignTool sign -kvu https://myvault.vault.azure.net -kvi $AZURE_CLIENT_ID -kvt $AZURE_TENANT_ID -kvs $AZURE_CLIENT_SECRET -kvc MyCertificate -tr http://timestamp.digicert.com -td sha256 MyApp.exe
Verification
signtool verify /pa /v MyApp.exe
Related Skills
msix-package-generatorcode-signing-setupprocess