
Code signing from Token


  • Code signing from Token

    Updated my Code Signing cert yesterday after my 3 year cert expired. But things have changed and the new cert is stored on a USB Smart Card (token). So today I am scratching my head about how I can use this like I did with .pfx... signing from within Setup Factory.

    Any ideas?
    ArtistScope - Copy Protection & DRM Software

  • #2
    I answered this here. Perhaps this helps.



    • #3
      The process seems to be the same, i.e., running SignTool from the Windows SDK. The only change needed is being able to select a cert from the Store (instead of a path to a PFX), which is where the USB token can be found.
      ArtistScope - Copy Protection & DRM Software


      • #4
        If it is any help a good video tutorial is at
        ArtistScope - Copy Protection & DRM Software


        • #5
          The SafeNet Authentication Client that you see in the video is merely the USB Driver prompting for password when required.

          The command-line used would be like:
          cd C:\Program Files (x86)\Windows Kits\8.1\bin\x86\
          signtool sign /a /tr /td SHA256 MyApp.exe
          ArtistScope - Copy Protection & DRM Software


          • #6
            I am looking forward to a followup and solution for this problem. Having to use Signtool separately after each SUF compile is a RPIA.

            More and more developers must now be forced to use Cert Tokens because PFX certs are no longer issued. Now all of us must use Tokens as our certs get renewed.

            Most developers like myself will only have one cert and after installing the token software, that cert will be installed as the default code-signing cert. I'll upload a short video soon showing how easy it is to locate.
            ArtistScope - Copy Protection & DRM Software


            • #7
              This video shows SignTool using the Token cert. As you can see it finds and loads the default cert no problem. Surely the SUF codesign option can be modified to do this... after all PFX certs are now obsolete. Also, a good reason for everyone to have to upgrade SUF to the latest version :-)


              If you don't have a Token cert and that is the reason for not being able to write/test a new script, I am willing to make my desktop available via TeamViewer to help.

              ArtistScope - Copy Protection & DRM Software


              • #8
                Assuming you're using a version of SUF that supports SHA-256 signing, you should still be able to sign within SUF using SignTool (or another third party tool) instead of separately even without a certificate file. So in that case you would just leave it blank and specify the arguments you want to pass to SignTool in the "Additional arguments" field. You can find further information in SUF's help topic for the dialog:


                You can also find SignTool's supported arguments at the following page:


                When building you can see the full command passed to SignTool in the setup's build log for debugging purposes. So if it isn't working, perhaps you can provide further information about what you are using and what's occurring.
                Indigo Rose Corporation

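An added example, not written by any poster in this thread or by Indigo Rose: a PowerShell wrapper around the SignTool call discussed above that selects the token's certificate from the store by thumbprint instead of relying on /a, then checks the resulting signature. It assumes the token's certificate appears in the CurrentUser\My store, uses the SDK path from post #5 as the default SignTool location, and takes the timestamp server URL as a parameter because the thread does not give one.

```powershell
# Added example (not from the thread): sign with a store/token certificate, then verify.
param(
    [Parameter(Mandatory)] [string] $File,
    [Parameter(Mandatory)] [string] $TimestampUrl,  # your CA's RFC 3161 timestamp URL
    [string] $Thumbprint,                           # optional: pin one exact certificate
    # Default taken from the path quoted in post #5; adjust for your SDK version.
    [string] $SignTool = 'C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe'
)
$ErrorActionPreference = 'Stop'

# Assumption: the token software publishes the cert to the current user's store.
# Keep only code-signing certs that are in date and linked to a private key.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now })

if ($Thumbprint) {
    $want = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    $candidates = @($candidates | Where-Object { $_.Thumbprint -eq $want })
}

# Refuse to guess: /a would silently pick one if several certs qualify.
if ($candidates.Count -ne 1) {
    $candidates | Format-List Subject, Issuer, NotAfter, Thumbprint | Out-String | Write-Host
    throw "Expected exactly one usable code-signing cert, found $($candidates.Count). Use -Thumbprint."
}
$cert = $candidates[0]

# /sha1 selects the signing cert by thumbprint; the token driver prompts for its password.
& $SignTool sign /sha1 $cert.Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 /v $File
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

# /pa applies the default Authenticode verification policy.
& $SignTool verify /pa /v $File
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

# Independent check: signature valid, made by the pinned cert, and timestamped.
$sig = Get-AuthenticodeSignature -FilePath $File
if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status)" }
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) { throw 'Signed by an unexpected certificate' }
if (-not $sig.TimeStamperCertificate) { throw 'Signature has no timestamp' }
Write-Host "Signed and verified: $File ($($cert.Subject))"
```

The same /sha1, /fd, /tr and /td switches can go in SUF's "Additional arguments" field described in post #8, with the certificate file left blank.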