- Take note of the paths to the following components:
  - The SignTool executable from the Windows SDK.
  - The Azure.CodeSigning.Dlib.dll extracted from the Trusted Signing dlib package.
  - Your JSON metadata file.
- Execute the SignTool command using PowerShell or Command Prompt. Replace the placeholders with your actual paths and target file. In PowerShell, prefix the quoted executable path with the call operator (`&`); Command Prompt runs the line as written:

  ```
  "<Path to SDK bin folder>\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "<Path to dlib>\x64\Azure.CodeSigning.Dlib.dll" /dmdf "<Path to metadata file>\metadata.json" <File to sign>
  ```

Note: Trusted Signing certificates are valid for only three days. To ensure that your signature remains valid after this period, it is critical to apply a trusted timestamp during the signing process. This allows the signature to be verifiable even after the certificate has expired.
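
To confirm that the timestamp described in the note was actually applied, the following added example (not part of the original page) inspects signed files with the built-in `Get-AuthenticodeSignature` cmdlet. The function name `Test-TimestampedSignature` and its output property names are assumptions chosen for illustration.

```powershell
# Added example, not from the original page.
# Test-TimestampedSignature is a hypothetical helper name; the cmdlet it wraps,
# Get-AuthenticodeSignature, ships with Windows PowerShell and PowerShell 7 on Windows.
function Test-TimestampedSignature {
    [CmdletBinding()]
    param(
        # One or more signed files to inspect.
        [Parameter(Mandatory)]
        [string[]] $Path
    )

    foreach ($file in $Path) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $file
        $signer = $sig.SignerCertificate       # short-lived signing certificate
        $tsa    = $sig.TimeStamperCertificate  # $null when no timestamp was applied

        [pscustomobject]@{
            Path               = $sig.Path
            Status             = $sig.Status
            Signer             = if ($signer) { $signer.Subject }  else { $null }
            SignerNotAfter     = if ($signer) { $signer.NotAfter } else { $null }
            Timestamped        = [bool]$tsa
            TimestampAuthority = if ($tsa) { $tsa.Subject } else { $null }
            # A signature stays verifiable after the signing certificate expires
            # only if it is valid now AND carries a timestamp countersignature.
            SurvivesExpiry     = ($sig.Status -eq 'Valid') -and [bool]$tsa
        }
    }
}

# Usage (the path is a placeholder, as in the command above):
#   $results = Test-TimestampedSignature -Path '<File to sign>'
#   $results | Format-List
#   if ($results | Where-Object { -not $_.SurvivesExpiry }) {
#       Write-Error 'Signature missing, invalid, or not timestamped.'
#       exit 1
#   }
```

Running the check as a release gate catches builds where the `/tr` and `/td` options were dropped from the SignTool command, before the three-day certificate lifetime makes the problem visible to users.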