Tuesday, February 24, 2015

Digitally Signing a WinZip Self-Extractor Executable

If you are looking for guidance on signing an executable created using WinZip Self-Extractor, unfortunately, WinZip does not provide you with much guidance other than pointing you to Microsoft's Authenticode website: http://kb.winzip.com/kb/entry/118/#codesign

Fortunately, WinZip Self-Extractor Executables can be readily signed using Microsoft's SignTool executable.

In fact, this process can actually be automated using MSBuild to digitally sign your WinZip Self-Extractor Executables as in the following MSBuild script:
<Target Name="DigitallySignPackage">
    <SignToolPath>&quot;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe&quot;</SignToolPath>
    <SigningArgs Include="sign" />
    <SigningArgs Include="/f $(CodeSigningCert)" />
    <SigningArgs Include="/p $(CodeSigningPassword)" />
    <SigningArgs Include="/t $(TimeStampServer)" />
    <SigningArgs Include="$(UnsignedExe)" />
  <Message Text="This is the name of the executable: $(UnsignedExe)" />
  <Exec Command="$(SignToolPath) @(SigningArgs, ' ')" />

No comments:

Post a Comment