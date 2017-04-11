Sign Windows executables and installers from a Mac.
Works with
.pem,
.p12, and
.pfx code signing files.
Signs with
sha1 and
sha256 signatures by default.
npm install --save-dev signcode
var signcode = require('signcode')
var options = {
cert: '/Users/kevin/certs/cert.pem',
key: '/Users/kevin/certs/key.pem',
overwrite: true,
path: '/Users/kevin/apps/myapp.exe'
}
signcode.sign(options, function (error) {
if (error) {
console.error('Signing failed', error.message)
} else {
console.log(options.path + ' is now signed')
}
})
signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
if (error) {
console.error('Not signed', error.message)
} else {
console.log(options.path + ' is signed')
}
})
|Name
|Type
|Required
|Description
cert
String
|Yes
|Path to a certificate file.
path
String
|Yes
|File path to executable to sign.
hash
Array
|No
|Signature types to sign the executable with. Defaults to
['sha1', 'sha256'].
key
String
|No
|Path to a
.pem key file. Only required if
cert is a
.pem file.
name
String
|No
|Product name to include in the signature.
overwrite
Boolean
|No
true to sign the executable in place,
false to write the signed file at the same path but with
-signed at the end of it. Defaults to
false.
password
String
|No
|Password to the certificate or key.
passwordPath
String
|No
|Path to a file containing the password for the certificate or key.
site
String
|No
|Website URL to include in the signature.
|Name
|Type
|Required
|Description
path
String
|Yes
|File path to executable to verify.
hash
String
|No
|Certificate fingerprint to expect on executable.
signcode sign /Users/kevin/apps/myapp.exe \
--cert /Users/kevin/certs/cert.p12 \
--prompt \
--name 'My App' \
--url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe
Run
signcode -h to see all the supported options.
These commands are helpful when working with certificates.
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256