1Mono(signcode) Mono(signcode)
2
3
4
6 signcode - Digitally sign an PE executable using an X.509 certificate.
7
9 signcode [options] filename
10
12 Digitally sign an PE executable (CLR assembly, Win32 EXE or DLL) using
13 an X.509 certificate and it's associated private key. The signature is
14 compatible with Authenticode(r) and can be validated with chktrust
15 (either on Windows or on any platform supported by Mono).
16
18 -spc spcfile
19 The Software Publisher File (spc) that contains the X.509 cer‐
20 tificate chain used to digitally sign the PE executable.
21
22 -v pvkfile
23 The Private Key File (pvk) that contains the private key used to
24 digitally sign the PE executable. This private key must match
25 the public key inside the publisher X.509 certificate.
26
27 -a sha1 | md5
28 The hash algorithm used in the digital signature of the PE exe‐
29 cutable. The default algorithm is SHA1.
30
31 -$ individual | commercial
32 Add information about the publisher, i.e. if the signature is
33 generated by an individual or a commercial entity.
34
35 -n description
36 Add a textual description of the signed file.
37
38 -i url Add a URL associated to the publisher or the signed file.
39
40 -t url URL to a timestamp service to countersign the PE executable.
41 Countersignature is required if you want the PE executable sig‐
42 nature to be valid after the publisher certificate expires. The
43 countersignature proves that the publisher had a valid (non-
44 expired) certificate when the PE executable was signed.
45
46 -tr # Number of retries to get a timestamp for the countersignature.
47
48 -tw # Delay (in seconds) between the retries to get a timestamp for
49 the countersignature.
50
51 -k name
52 CryptoAPI key container name (when not using -v).
53
54 -p name
55 CryptoAPI provider name (when not using -v).
56
57 -y # CryptoAPI provider type (when not using -v or -p).
58
59 -ky signature | exchange | #
60 CryptoAPI key type (when not using -v).
61
62 -r localMachine | currentUser
63 CryptoAPI key location (when not using -v).
64
65 -help , -h , -? , /?
66 Display help about this tool.
67
69 Assemblies are PE files that can also be strongnamed using the sn.exe
70 tool. The order of code signature is important if a file requires both
71 an Authenticode and a strongname signature. Strongname must be applied
72 before the Authenticode signature. Applying a strongname after the
73 Authenticode signature, like re-signing an assembly (e.g. delay-sign),
74 will invalidate the Authenticode signature.
75
77 signcode cannot generate Authenticode signatures for CAB files.
78
80 Written by Sebastien Pouliot
81
83 Copyright (C) 2003 Motus Technologies. Copyright (C) 2004 Novell.
84 Released under BSD license.
85
87 Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for
88 details.
89
91 Visit http://www.mono-project.com for details
92
94 chktrust(1),[22mmakecert(1),cert2spc(1)
95
96
97
98 Mono(signcode)