Sign Windows executables and installers from a Mac or a machine with osslsigncode installed.
Works with .pem
, .p12
, and .pfx
code signing files.
Signs with sha1
and sha256
signatures by default.
npm install --save-dev signcode
var signcode = require('signcode')
var options = {
cert: '/Users/kevin/certs/cert.pem',
key: '/Users/kevin/certs/key.pem',
overwrite: true,
path: '/Users/kevin/apps/myapp.exe'
}
signcode.sign(options, function (error) {
if (error) {
console.error('Signing failed', error.message)
} else {
console.log(options.path + ' is now signed')
}
})
signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
if (error) {
console.error('Not signed', error.message)
} else {
console.log(options.path + ' is signed')
}
})
Name | Type | Required | Description |
---|---|---|---|
cert |
String |
Yes | Path to a certificate file. |
path |
String |
Yes | File path to executable to sign. |
hash |
Array |
No | Signature types to sign the executable with. Defaults to ['sha1', 'sha256'] . |
key |
String |
No | Path to a .pem key file. Only required if cert is a .pem file. |
name |
String |
No | Product name to include in the signature. |
overwrite |
Boolean |
No | true to sign the executable in place, false to write the signed file at the same path but with -signed at the end of it. Defaults to false . |
password |
String |
No | Password to the certificate or key. |
passwordPath |
String |
No | Path to a file containing the password for the certificate or key. |
site |
String |
No | Website URL to include in the signature. |
useLocal |
Boolean |
No | true to use a locally installed version of osslsigncode (Linux anyone?). |
Name | Type | Required | Description |
---|---|---|---|
path |
String |
Yes | File path to executable to verify. |
hash |
String |
No | Certificate fingerprint to expect on executable. |
signcode sign /Users/kevin/apps/myapp.exe \
--cert /Users/kevin/certs/cert.p12 \
--prompt \
--name 'My App' \
--url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe
Run signcode -h
to see all the supported options.
These commands are helpful when working with certificates.
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256