[英]How do I Code Sign a Visual Studio project
I have a VB.Net Visual Studio 2015 project that creates an EXE file for people in-house.我有一个 VB.Net Visual Studio 2015 项目,它为内部人员创建一个 EXE 文件。 We've never needed to code sign before, but with our computers moving to Windows 10, we're getting alerts and warnings from Windows that the EXE isn't trusted.
我们以前从未需要进行代码签名,但是随着我们的计算机迁移到 Windows 10,我们收到了来自 Windows 的警报和警告,表明 EXE 不受信任。 The idea was brought up to code sign to application when it's built.
这个想法是在构建应用程序时提出的。
Currently, we're using an InstallShield installer for the EXE and it's files.目前,我们正在为 EXE 及其文件使用 InstallShield 安装程序。 I have a local test cert and private key/public key pair.
我有一个本地测试证书和私钥/公钥对。 At this point, though, I don't know how to code sign.
不过,此时我不知道如何编码签名。 I've used the Signing tab within the project's properties and options, but that does not sign the actual EXE.
我在项目的属性和选项中使用了签名选项卡,但这并没有对实际的 EXE 进行签名。 At least, SignTool doesn't think it's signed.
至少,SignTool 认为它没有签名。 And we're not looking to use ClickOnce to do this publishing or deployment.
我们不打算使用 ClickOnce 来执行此发布或部署。
Do I need to be doing this through a command line?我是否需要通过命令行执行此操作? Or is there a Visual Studio place to code sign?
或者是否有 Visual Studio 代码签名的地方?
EDIT: I know I can just do a post script to add the code signing, but I would have expected that Visual Studio had a way to put this in.编辑:我知道我可以做一个 post 脚本来添加代码签名,但我希望 Visual Studio 有办法把它放进去。
I put the following in the 'Post-build event command line' in Visual Studio. 我将以下内容放在Visual Studio中的“Post-build事件命令行”中。
"C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.15063.0\\x64\\signtool.exe" sign /v /sha1 {thumbprint} $(TargetPath) “C:\\ Program Files(x86)\\ Windows Kits \\ 10 \\ bin \\ 10.0.15063.0 \\ x64 \\ signtool.exe”sign / v / sha1 {thumbprint} $(TargetPath)
"C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.15063.0\\x64\\signtool.exe" timestamp /tr http://timestamp.comodoca.com/rfc3161 $(TargetPath) “C:\\ Program Files(x86)\\ Windows Kits \\ 10 \\ bin \\ 10.0.15063.0 \\ x64 \\ signtool.exe”timestamp / tr http://timestamp.comodoca.com/rfc3161 $(TargetPath)
The {thumbprint} is from your code-signing certificate, use IE to view the certificate, select the thumbprint and remove all the spaces. {thumbprint}来自您的代码签名证书,使用IE查看证书,选择指纹并删除所有空格。 This is for a code-signing certificate from Comodo (I purchased from http://ksoftware.net/ - Better pricing and certificate are issued by Comodo)
这是来自Comodo的代码签名证书(我从http://ksoftware.net/购买 - 更好的定价和证书由Comodo发布)
Note: your location of Signtool.exe may be different depending on version of SDK installed and version of Windows. 注意:您的Signtool.exe位置可能会有所不同,具体取决于安装的SDK版本和Windows版本。
I use this in my .csproj file to sign in release mode, will work on the server when we build as well as on my local builds我在我的 .csproj 文件中使用它来登录发布模式,当我们构建以及在我的本地构建时将在服务器上工作
<Target Name="PostBuild" AfterTargets="PostBuildEvent">
<Exec Command="signtool.exe sign /a /t http://timestamp.sectigo.com /fd SHA384 "$(TargetPath)"" Condition="$(ConfigurationName) == Release"/>
</Target>
this uses the "best" codesign certificate installed on my PC/server via the /a switch, I add the quotes as my path would generate a "file not found" error due to the spaces in the folder names of the build in the $(TargetPath) macro这使用通过 /a 开关安装在我的 PC/服务器上的“最佳”协同设计证书,我添加引号,因为我的路径会由于 $ 中构建的文件夹名称中的空格而生成“找不到文件”错误(TargetPath) 宏
I work with VS 2017 an very wonder, that this issue still exists.我在使用 VS 2017 时感到非常惊奇,这个问题仍然存在。
I have wasted over a full day to try bring it to work directly (only) with the VS IDE (without success).我已经浪费了一整天的时间来尝试将它直接(仅)与 VS IDE 一起工作(但没有成功)。
I ended up to add the following code (directly in the VS IDE) in the post build event to the project:我最终在后期构建事件中将以下代码(直接在 VS IDE 中)添加到项目中:
if $(ConfigurationName) == Release (signtool.exe sign /a /t http://timestamp.sectigo.com /fd sha256 "$(TargetPath)")
Means, that the signing only takes place in release mode and the cert is taken from the cert store of the machine automatically (no need to place a password / thumbprint in the code).意味着签名仅在发布模式下进行,并且证书会自动从机器的证书存储中获取(无需在代码中放置密码/指纹)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.