Skip to content

Codesign Windows executables from a Mac or machine with osslsigncode installed

Notifications You must be signed in to change notification settings

payne8/signcode

 
 

Repository files navigation

signcode

Travis Build Status js-standard-style npm downloads

Sign Windows executables and installers from a Mac or a machine with osslsigncode installed.

Works with .pem, .p12, and .pfx code signing files.

Signs with sha1 and sha256 signatures by default.

Installing

npm install --save-dev signcode

Using

var signcode = require('signcode')

var options = {
  cert: '/Users/kevin/certs/cert.pem',
  key: '/Users/kevin/certs/key.pem',
  overwrite: true,
  path: '/Users/kevin/apps/myapp.exe'
}

signcode.sign(options, function (error) {
  if (error) {
    console.error('Signing failed', error.message)
  } else {
    console.log(options.path + ' is now signed')
  }
})

signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
  if (error) {
    console.error('Not signed', error.message)
  } else {
    console.log(options.path + ' is signed')
  }
})

Signing Options

Name Type Required Description
cert String Yes Path to a certificate file.
path String Yes File path to executable to sign.
hash Array No Signature types to sign the executable with. Defaults to ['sha1', 'sha256'].
key String No Path to a .pem key file. Only required if cert is a .pem file.
name String No Product name to include in the signature.
overwrite Boolean No true to sign the executable in place, false to write the signed file at the same path but with -signed at the end of it. Defaults to false.
password String No Password to the certificate or key.
passwordPath String No Path to a file containing the password for the certificate or key.
site String No Website URL to include in the signature.
useLocal Boolean No true to use a locally installed version of osslsigncode (Linux anyone?).

Verification Options

Name Type Required Description
path String Yes File path to executable to verify.
hash String No Certificate fingerprint to expect on executable.

Command Line Example

signcode sign /Users/kevin/apps/myapp.exe \
  --cert /Users/kevin/certs/cert.p12 \
  --prompt \
  --name 'My App' \
  --url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe

Run signcode -h to see all the supported options.

Cert helpers commands

These commands are helpful when working with certificates.

Create cert and key with no password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Create cert and key with a password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem

Create a p12 with no password

openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem

Show fingerprint of a cert

openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256

About

Codesign Windows executables from a Mac or machine with osslsigncode installed

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 98.7%
  • Shell 1.3%