signcode

Sign Windows executables from a Mac

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
signcode
41111.0.07 years ago8 years agoMinified + gzip package size for signcode in KB

Readme

signcode
Travis Build Status js-standard-style npm downloads
Sign Windows executables and installers from a Mac.
Works with .pem, .p12, and .pfx code signing files.
Signs with sha1 and sha256 signatures by default.

Installing

npm install --save-dev signcode

Using

var signcode = require('signcode')

var options = {
  cert: '/Users/kevin/certs/cert.pem',
  key: '/Users/kevin/certs/key.pem',
  overwrite: true,
  path: '/Users/kevin/apps/myapp.exe'
}

signcode.sign(options, function (error) {
  if (error) {
    console.error('Signing failed', error.message)
  } else {
    console.log(options.path + ' is now signed')
  }
})

signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
  if (error) {
    console.error('Not signed', error.message)
  } else {
    console.log(options.path + ' is signed')
  }
})

Signing Options

| Name | Type | Required | Description | | :------------- | :-------- | :------- | :-------------------------- | | cert | String | Yes | Path to a certificate file. | | path | String | Yes | File path to executable to sign. | | hash | Array | No | Signature types to sign the executable with. Defaults to ['sha1', 'sha256']. | | key | String | No | Path to a .pem key file. Only required if cert is a .pem file. | | name | String | No | Product name to include in the signature. | | overwrite | Boolean | No | true to sign the executable in place, false to write the signed file at the same path but with -signed at the end of it. Defaults to false. | | password | String | No | Password to the certificate or key. | | passwordPath | String | No | Path to a file containing the password for the certificate or key. | | site | String | No | Website URL to include in the signature. |

Verification Options

| Name | Type | Required | Description | | :------------- | :-------- | :------- | :-------------------------- | | path | String | Yes | File path to executable to verify. | | hash | String | No | Certificate fingerprint to expect on executable. |

Command Line Example

signcode sign /Users/kevin/apps/myapp.exe \
  --cert /Users/kevin/certs/cert.p12 \
  --prompt \
  --name 'My App' \
  --url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe

Run signcode -h to see all the supported options.

Cert helpers commands

These commands are helpful when working with certificates.

Create cert and key with no password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Create cert and key with a password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem

Create a p12 with no password

openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem

Show fingerprint of a cert

openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1

openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256