94 lines
3.1 KiB
Groff
94 lines
3.1 KiB
Groff
|
.\"
|
||
|
.\" signcode manual page.
|
||
|
.\" Copyright 2003 Motus Technologies
|
||
|
.\" Copyright 2004 Novell
|
||
|
.\" Author:
|
||
|
.\" Sebastien Pouliot (sebastien@ximian.com)
|
||
|
.\"
|
||
|
.TH Mono "signcode"
|
||
|
.SH NAME
|
||
|
signcode \- Digitally sign an PE executable using an X.509 certificate.
|
||
|
.SH SYNOPSIS
|
||
|
.PP
|
||
|
.B signcode [options] filename
|
||
|
.SH DESCRIPTION
|
||
|
Digitally sign an PE executable (CLR assembly, Win32 EXE or DLL) using an
|
||
|
X.509 certificate and it's associated private key. The signature is compatible
|
||
|
with Authenticode(r) and can be validated with chktrust (either on Windows or
|
||
|
on any platform supported by Mono).
|
||
|
.SH OPTIONS
|
||
|
.TP
|
||
|
.I "-spc spcfile"
|
||
|
The Software Publisher File (spc) that contains the X.509 certificate chain
|
||
|
used to digitally sign the PE executable.
|
||
|
.TP
|
||
|
.I "-v pvkfile"
|
||
|
The Private Key File (pvk) that contains the private key used to digitally
|
||
|
sign the PE executable. This private key must match the public key inside the
|
||
|
publisher X.509 certificate.
|
||
|
.TP
|
||
|
.I "-a md5 | sha1"
|
||
|
The hash algorithm used in the digital signature of the PE executable. The
|
||
|
default algorithm is MD5.
|
||
|
.TP
|
||
|
.I "-$ individual | commercial"
|
||
|
Add information about the publisher, i.e. if the signature is generated by an
|
||
|
individual or a commercial entity.
|
||
|
.TP
|
||
|
.I "-n description"
|
||
|
Add a textual description of the signed file.
|
||
|
.TP
|
||
|
.I "-i url"
|
||
|
Add a URL associated to the publisher or the signed file.
|
||
|
.TP
|
||
|
.I "-t url"
|
||
|
URL to a timestamp service to countersign the PE executable. Countersignature
|
||
|
is required if you want the PE executable signature to be valid after the
|
||
|
publisher certificate expires. The countersignature proves that the publisher
|
||
|
had a valid (non-expired) certificate when the PE executable was signed.
|
||
|
.TP
|
||
|
.I "-tr #"
|
||
|
Number of retries to get a timestamp for the countersignature.
|
||
|
.TP
|
||
|
.I "-tw #"
|
||
|
Delay (in seconds) between the retries to get a timestamp for the countersignature.
|
||
|
.TP
|
||
|
.I "-k name"
|
||
|
CryptoAPI key container name (when not using -v).
|
||
|
.TP
|
||
|
.I "-p name"
|
||
|
CryptoAPI provider name (when not using -v).
|
||
|
.TP
|
||
|
.I "-y #"
|
||
|
CryptoAPI provider type (when not using -v or -p).
|
||
|
.TP
|
||
|
.I "-ky signature | exchange | #"
|
||
|
CryptoAPI key type (when not using -v).
|
||
|
.TP
|
||
|
.I "-r localMachine | currentUser"
|
||
|
CryptoAPI key location (when not using -v).
|
||
|
.TP
|
||
|
.I "-help", "-h", "-?", "/?"
|
||
|
Display help about this tool.
|
||
|
.SH OTHER CODE SIGNING TECHNOLOGIES
|
||
|
Assemblies are PE files that can also be strongnamed using the sn.exe tool. The
|
||
|
order of code signature is important if a file requires both an Authenticode
|
||
|
and a strongname signature. Strongname must be applied before the Authenticode
|
||
|
signature. Applying a strongname after the Authenticode signature, like
|
||
|
re-signing an assembly (e.g. delay-sign), will invalidate the Authenticode
|
||
|
signature.
|
||
|
.SH KNOWN RESTRICTIONS
|
||
|
signcode cannot generate Authenticode signatures for CAB files.
|
||
|
.SH AUTHOR
|
||
|
Written by Sebastien Pouliot
|
||
|
.SH COPYRIGHT
|
||
|
Copyright (C) 2003 Motus Technologies.
|
||
|
Copyright (C) 2004 Novell.
|
||
|
Released under BSD license.
|
||
|
.SH MAILING LISTS
|
||
|
Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.
|
||
|
.SH WEB SITE
|
||
|
Visit http://www.mono-project.com for details
|
||
|
.SH SEE ALSO
|
||
|
.BR chktrust(1), makecert(1), cert2spc(1)
|