Page 1 of 1

EV Authenticode Signing

Posted: Thu Oct 26, 2017 7:32 pm
by Obliterator
It would be nice if your code signing improved to use named certificates installed on the machine (instead of given pfx files) and gave more control over the code signing parameters (for example /a /n /td /fd /d /du parameters).

For example, we currently sign our binaries as follows:

"C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign /a /n "Our EV Cert Name" /tr http://timestamp.digicert.com /td sha256 /fd sha256 /d "App Signing Description" /du "App Signing Detail" "TargetFile.exe"

It would be great if IA Authenticode page allowed all of those parameters to be configured and passed them through. Or let us specify the signing command line to be executed and substituted "TargetFile.exe" with a variable.

Re: EV Authenticode Signing

Posted: Tue Apr 20, 2021 5:27 pm
by rev23dev
I just got an EV cert and ran into this too. No one from IA even replied here.

Re: EV Authenticode Signing

Posted: Wed Apr 21, 2021 11:43 am
by FrancescoT
Currently, it's not possible to specify an EV certificate from Authenticode settings.
However, it's Always possible to sign using an EV certificate via Build Events.

This is an example we released a while ago when Microsoft introduced "the New Code Signing Policy" ...there is just to update the signtool.exe parameters accordingly.
https://www.installaware.com/blog/?p=416

Finally, EV certificate support should be probably available with the next major release.