1Mono(signcode)                                                  Mono(signcode)
2
3
4

NAME

6       signcode - Digitally sign an PE executable using an X.509 certificate.
7

SYNOPSIS

9       signcode [options] filename
10

DESCRIPTION

12       Digitally  sign an PE executable (CLR assembly, Win32 EXE or DLL) using
13       an X.509 certificate and it's associated private key. The signature  is
14       compatible  with  Authenticode(r)  and  can  be validated with chktrust
15       (either on Windows or on any platform supported by Mono).
16

OPTIONS

18       -spc spcfile
19              The Software Publisher File (spc) that contains the  X.509  cer‐
20              tificate chain used to digitally sign the PE executable.
21
22       -v pvkfile
23              The Private Key File (pvk) that contains the private key used to
24              digitally sign the PE executable. This private  key  must  match
25              the public key inside the publisher X.509 certificate.
26
27       -a sha1 | md5 | sha2 | sha256 | sha384 | sha512
28              The  hash algorithm used in the digital signature of the PE exe‐
29              cutable. The default algorithm is SHA1.
30
31       -$ individual | commercial
32              Add information about the publisher, i.e. if  the  signature  is
33              generated by an individual or a commercial entity.
34
35       -n description
36              Add a textual description of the signed file.
37
38       -i url Add a URL associated to the publisher or the signed file.
39
40       -t url URL  to  a  timestamp  service to countersign the PE executable.
41              Countersignature is required if you want the PE executable  sig‐
42              nature  to be valid after the publisher certificate expires. The
43              countersignature proves that the publisher  had  a  valid  (non-
44              expired) certificate when the PE executable was signed.
45
46       -tr #  Number of retries to get a timestamp for the countersignature.
47
48       -tw #  Delay  (in  seconds)  between the retries to get a timestamp for
49              the countersignature.
50
51       -k name
52              CryptoAPI key container name (when not using -v).
53
54       -p name
55              CryptoAPI provider name (when not using -v).
56
57       -y #   CryptoAPI provider type (when not using -v or -p).
58
59       -ky signature | exchange | #
60              CryptoAPI key type (when not using -v).
61
62       -r localMachine | currentUser
63              CryptoAPI key location (when not using -v).
64
65       -help , -h , -? , /?
66              Display help about this tool.
67

OTHER CODE SIGNING TECHNOLOGIES

69       Assemblies are PE files that can also be strongnamed using  the  sn.exe
70       tool.  The order of code signature is important if a file requires both
71       an Authenticode and a strongname signature. Strongname must be  applied
72       before  the  Authenticode  signature.  Applying  a strongname after the
73       Authenticode signature, like re-signing an assembly (e.g.  delay-sign),
74       will invalidate the Authenticode signature.
75

KNOWN RESTRICTIONS

77       signcode cannot generate Authenticode signatures for CAB files.
78

AUTHOR

80       Written by Sebastien Pouliot
81
83       Copyright  (C)  2003  Motus  Technologies.   Copyright (C) 2004 Novell.
84       Released under BSD license.
85

MAILING LISTS

87       Visit   http://lists.ximian.com/mailman/listinfo/mono-devel-list    for
88       details.
89

WEB SITE

91       Visit http://www.mono-project.com for details
92

SEE ALSO

94       chktrust(1),makecert(1),cert2spc(1)
95
96
97
98                                                                Mono(signcode)
Impressum