yzb-signcode
v1.0.2
Published
Sign Windows executables from a Mac
Downloads
3
Readme
signcode
Sign Windows executables and installers from a Mac.
Works with .pem
, .p12
, and .pfx
code signing files.
Signs with sha1
and sha256
signatures by default.
Installing
npm install --save-dev signcode
Using
var signcode = require('signcode')
var options = {
cert: '/Users/kevin/certs/cert.pem',
key: '/Users/kevin/certs/key.pem',
overwrite: true,
path: '/Users/kevin/apps/myapp.exe'
}
signcode.sign(options, function (error) {
if (error) {
console.error('Signing failed', error.message)
} else {
console.log(options.path + ' is now signed')
}
})
signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
if (error) {
console.error('Not signed', error.message)
} else {
console.log(options.path + ' is signed')
}
})
Signing Options
| Name | Type | Required | Description |
| :------------- | :-------- | :------- | :-------------------------- |
| cert
| String
| Yes | Path to a certificate file. |
| path
| String
| Yes | File path to executable to sign. |
| hash
| Array
| No | Signature types to sign the executable with. Defaults to ['sha1', 'sha256']
. |
| key
| String
| No | Path to a .pem
key file. Only required if cert
is a .pem
file. |
| name
| String
| No | Product name to include in the signature. |
| overwrite
| Boolean
| No | true
to sign the executable in place, false
to write the signed file at the same path but with -signed
at the end of it. Defaults to false
. |
| password
| String
| No | Password to the certificate or key. |
| passwordPath
| String
| No | Path to a file containing the password for the certificate or key. |
| site
| String
| No | Website URL to include in the signature. |
Verification Options
| Name | Type | Required | Description |
| :------------- | :-------- | :------- | :-------------------------- |
| path
| String
| Yes | File path to executable to verify. |
| hash
| String
| No | Certificate fingerprint to expect on executable. |
Command Line Example
signcode sign /Users/kevin/apps/myapp.exe \
--cert /Users/kevin/certs/cert.p12 \
--prompt \
--name 'My App' \
--url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe
Run signcode -h
to see all the supported options.
Cert helpers commands
These commands are helpful when working with certificates.
Create cert and key with no password
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes
Create cert and key with a password
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
Create a p12 with no password
openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem
Show fingerprint of a cert
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256