Code Signing with one click (example 3)

After Windows Vista came out, many software developers started to use code signing certificates to confirm that the software really comes from the publisher and that the original package has not been modified since it was signed.

SignTool.exe is a command-line utility designed to manage digital signatures (sign, verify, etc.). Usually, the command line looks like this:

signtool.exe sign /a /t <URL of timestamp server> Sample.exe

This command line is mainly used in post-build scripts. However, it is often necessary to sign a standalone EXE or DLL without running a complete build script (to make a quick test version, for example). Here is what I use on my development machine:

Add digital signature

This menu item calls Hstart with the following command line:

hstart /NOCONSOLE /WAIT /MSG="Successfully signed and timestamped!"
       /ERRMSG="An error occured while signing (signtool.exe)."
       /TITLE="Digital Signature" ""C:\WSDK\Bin\signtool.exe" sign /a /t
       http://timestamp.comodoca.com/authenticode "Sample.exe""

After SignTool.exe is executed (note the /WAIT switch), a simple message is displayed telling me that everything is OK:

Successfully signed and timestamped!

If something goes wrong (for example, the EXE file is read-only or the timestamp server is not accessible), SignTool.exe returns an error and the following message is displayed:

An error occured while signing (signtool.exe).

To enable this Shell command, create a new .REG file with the following content:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\SIGNTOOL]
@="Add digital signature"

[HKEY_CLASSES_ROOT\exefile\shell\SIGNTOOL\command]
@="\"E:\\BIN\\hstart.exe\" /NOCONSOLE /WAIT /MSG=\"Successfully signed and timestamped!\" /ERRMSG=\"An error occured while signing (signtool.exe).\" /TITLE=\"Digital Signature\" \"\"C:\\WSDK\\Bin\\signtool.exe\" sign /a /t http://timestamp.comodoca.com/authenticode \"%1\"\""

A few notes on the REG file:

  1. REG files treat the backslash as an escape character: put a backslash before every double quote and every backslash that appears in the data value (\\ => \ and \" => ").
  2. Don't forget to replace "E:\BIN\hstart.exe" with your own path.
  3. Create the same Shell command for HKEY_CLASSES_ROOT\dllfile to enable this feature for DLL files too.

The sample REG files are included in the Hstart package (see Examples\SignTool).
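
The three notes above can be applied mechanically. The following Python sketch is an added example, not part of the Hstart package: it builds the Hstart command line, applies the REG escaping rule from note 1, and emits the keys for both exefile and dllfile (note 3). The function names are this example's own; the paths and the timestamp URL are the ones used on this page.

```python
# Added example: generate the REG file text for the "Add digital signature" command.
# Function names are hypothetical; paths and messages are taken from the page.

MSG = "Successfully signed and timestamped!"
ERRMSG = "An error occured while signing (signtool.exe)."  # text as on the page
TITLE = "Digital Signature"


def reg_escape(value):
    # REG data-value rule: every backslash and every double quote
    # gets a backslash in front of it. Backslashes must be done first.
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_command(hstart, signtool, timestamp_url):
    """Return the unescaped Hstart command line; %1 is the clicked file."""
    for part in (hstart, signtool, timestamp_url):
        # A quote or line break would change how the command line is parsed.
        if '"' in part or "\n" in part or "\r" in part:
            raise ValueError(f"unsafe character in {part!r}")
    if any(c.isspace() for c in timestamp_url):
        raise ValueError("timestamp URL must not contain whitespace")
    inner = f'"{signtool}" sign /a /t {timestamp_url} "%1"'
    return (f'"{hstart}" /NOCONSOLE /WAIT /MSG="{MSG}" '
            f'/ERRMSG="{ERRMSG}" /TITLE="{TITLE}" "{inner}"')


def build_reg(hstart, signtool, timestamp_url, classes=("exefile", "dllfile")):
    """Return REG file text that adds the shell command to each file class."""
    command = reg_escape(build_command(hstart, signtool, timestamp_url))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for cls in classes:
        # Key names are written as-is; only data values are escaped.
        key = "HKEY_CLASSES_ROOT\\" + cls + "\\shell\\SIGNTOOL"
        lines += [f"[{key}]", '@="Add digital signature"', "",
                  f"[{key}\\command]", f'@="{command}"', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_reg(r"E:\BIN\hstart.exe", r"C:\WSDK\Bin\signtool.exe",
                    "http://timestamp.comodoca.com/authenticode"))
```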

Download - hstart.zip (23 KB)

