Today I'm coming with an interesting post about signing your Delphi applications (win32) with Microsoft Signtool. The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path. SignTool is available as part of the Windows SDK, which you can download from here.
In a few steps I'll show you how to create a PKCS#12 certificate with OpenSSL for Windows and how to use this certificate to sign your applications. In most cases the certificate serves to identify the author of an application and to establish trust relationships between applications.
Creating a PKCS#12 certificate with OpenSSL:
Once you have installed OpenSSL on your machine, you need to run the following commands to create the certificate. To create a PKCS#12 certificate, you'll need a private key and a certificate, so first of all, let's create the certificate and the private key:
# create a file containing key and self-signed certificate
# (-nodes leaves the private key unencrypted in mycert.pem; rsa:1024 is below the 2048-bit minimum that current guidance recommends)
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
Now we are ready to generate the .pfx file from mycert.pem. A .pfx (Personal Information Exchange format) file contains both the public (.cer file) and the private (.pvk file) keys:
# export mycert.pem as PKCS#12 file, mycert.pfx
openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "My Certificate"
You'll be asked to enter a password for your certificate.
Importing the certificate with Signtool:
Now copy the mycert.pfx file into the folder where your executable is placed and run the following command with Signtool:
Signtool sign /f mycert.pfx /p password thundaxballsdemo.exe
Now if we check our application it will be digitally signed with our certificate:
Then you can install this certificate into the "Windows trusted certification store".
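A hardened variant of the certificate steps above, as an added example that is not part of the original post: it generates a 2048-bit key with the Code Signing extended key usage, refuses to export a certificate that is too weak or expired, and passes the PFX password through an environment variable instead of the command line. It assumes OpenSSL 1.1.1 or later in a POSIX shell; the file names, the subject and the PFX_PASS variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names, subject and the
# PFX_PASS variable are constructed for illustration.

# Create a self-signed code-signing certificate with a 2048-bit RSA key.
# $1 = output directory. The key is unencrypted (-nodes) and stays in $1.
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=Example Code Signing (constructed)" \
        -addext "extendedKeyUsage=codeSigning" \
        -keyout "$1/codesign.key" -out "$1/codesign.crt" 2>/dev/null
}

# Print the public key size in bits of the certificate in $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate is usable for code signing:
# key of at least 2048 bits, Code Signing EKU present, not expired.
cert_ok_for_signing() {
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ] ||
        { echo "weak key: ${bits:-?} bits" >&2; return 1; }
    openssl x509 -in "$1" -noout -text | grep -q "Code Signing" ||
        { echo "missing Code Signing EKU" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 1; }
}

# Check the certificate, then bundle key + certificate into $1/codesign.pfx.
# The password comes from the PFX_PASS environment variable, not from argv.
export_pfx() {
    cert_ok_for_signing "$1/codesign.crt" || return 1
    openssl pkcs12 -export -name "My Certificate" \
        -inkey "$1/codesign.key" -in "$1/codesign.crt" \
        -passout env:PFX_PASS -out "$1/codesign.pfx"
}

# Print the SHA-256 fingerprint of the certificate stored in the PFX ($1).
pfx_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}
```

The resulting codesign.pfx is passed to Signtool in the same way as mycert.pfx in the post.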
- How to create your own code signing certificate and sign an ActiveX component in Windows.
- Using Signtool to sign a file.
- OpenSSL commands.
- Windows code with Microsoft Signtool.