Announcement

**StevenS** · 02-18-2020, 08:08 AM

FYI, for others coming here. If you need more parameters on your signtool command, you will have to modify this helper batch file.

For my use, previously, I signed files with:

Code:

signtool.exe sign /a /s my /t http://timestamp.verisign.com/scripts/timstamp.dll /v %1
signtool.exe sign /a /s my /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256 /as /v %1

to get this to work using SUF, I had to make the helper batch file as follows:

Code:

@ECHO OFF
set adtl_args=%1 %2 %3 %4 %5
shift
shift
shift
shift
shift
/path/to/signtool.exe sign %adtl_args% %1 %2 %3 %4 %5 %6 %7

This was because on the SHA-256 signing, each of my additional arguments setup below got passed as separate parameters to the batch file which pushed it over the max of 9 arguments without using the shift command.

My SHA-1 additional arguments setup in SUF as:

Code:

/a /s my /v

and my SHA-256 additional arguments setup in SUF as:

Code:

/a /s my /as /v /fd SHA256

This re-orders the parameters being sent to signtool but it did still work.

**artistscope** · 11-11-2020, 12:55 AM

I have only just now got to catch up here.

/a /t [SHA-1 timestaming url] [full path of *.tmp file]
/a /tr [SHA-256 timestaming url] /td sha256 [full path of *.tmp file]

Shouldn't that be "timestamping"?

**artistscope** · 11-11-2020, 01:00 AM

Originally posted by StevenS View Post

had to make the helper batch file as follows:

Can you please post the complete .bat file?

**artistscope** · 12-18-2020, 06:36 PM

Using the StevenS example I was getting an error... /d option requires a parameter. Yet I do have Description and Description URL set.

The problem was too many parameters. So for SHA-256 I used...

/a /as /v

But I had to input the password twice, even though I didn't nominate SHA1... when I did do that I had to input password 4 times!

Announcement

Code signing from Token

Comment

Comment

Comment

Comment