
Sign multiple files with signtool.exe

I have a digital cert bought from a third-party CA and I wanted to use it to sign software with a large number of library files/packages (.bpl). However, signing them one by one takes a lot of time, and I am wondering whether there is any way to sign all the files in less time?

The current command I am using to sign the files is as below:
signtool.exe sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a "Insert_path_to_the_file_you_wish_to_sign"

I was signing multiple files using the signtool in a parallel loop. It seemed to work, but I noticed that our certificate provider (DigiCert) recommends that you avoid concurrent requests. https://dev.digicert.com/best-practices/

So instead, I'm now using the signtool in one command - passing in all the files in one command line argument. According to Microsoft's documentation, you can use an '|' between each file.

signtool [command] [options] [file_name |...]

https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe


And maybe useful for someone, DigiCert's DigiCertUtil uses '*' between each file.

Filenames is a list of files to be code signed. To specify more than one file, separate each filename or file path with the asterisk character *. Enclose the file path with quotes if it contains spaces.

example: DigiCertUtil.exe sign /kernelDriverSigning "example.exe*driver.sys"
example: DigiCertUtil.exe sign /sha1 "054D9508B364A02A068FA5C6153847B6" "example.exe*driver.sys"


Based on the recommendation to avoid concurrent requests, I'm assuming that even when specifying multiple files in either the SignTool or DigiCertUtil, the files will still be signed one at a time.
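Sequential batch signing of the .bpl files, as an added example that is not part of the original question or answer. It passes each file as a separate argument to one signtool call per batch, runs the batches one after another instead of in a parallel loop, and verifies each batch with `signtool verify /pa`. The folder path, the character budget per command line, and signtool.exe being on PATH are assumptions.

```powershell
# Added example: sequential batch signing. Paths and limits below are assumptions.
param(
    [string]$Root = 'C:\build\output',      # hypothetical folder holding the .bpl files
    [string]$TimestampUrl = 'http://timestamp.sectigo.com',
    [int]$MaxArgChars = 8000                # conservative budget per command line
)

$files = @(Get-ChildItem -Path $Root -Filter *.bpl -Recurse -File |
    Select-Object -ExpandProperty FullName)

# Split the file list into batches that fit within the command-line budget.
$batches = New-Object System.Collections.Generic.List[object]
$current = New-Object System.Collections.Generic.List[string]
$length = 0
foreach ($f in $files) {
    $cost = $f.Length + 3                   # quotes plus separating space
    if ($current.Count -gt 0 -and ($length + $cost) -gt $MaxArgChars) {
        $batches.Add($current.ToArray())
        $current = New-Object System.Collections.Generic.List[string]
        $length = 0
    }
    $current.Add($f)
    $length += $cost
}
if ($current.Count -gt 0) { $batches.Add($current.ToArray()) }

# One signtool process per batch, run one after another (no parallel loop).
$failed = @()
foreach ($batch in $batches) {
    & signtool.exe sign /tr $TimestampUrl /td sha256 /fd sha256 /a $batch
    if ($LASTEXITCODE -ne 0) { $failed += $batch; continue }

    # Check the new signatures against the default Authenticode policy.
    & signtool.exe verify /pa $batch
    if ($LASTEXITCODE -ne 0) { $failed += $batch }
}

if ($failed.Count -gt 0) {
    Write-Error ("Signing or verification failed in batches containing:`n" + ($failed -join "`n"))
    exit 1
}
Write-Output ("Signed and verified {0} file(s) in {1} batch(es)." -f $files.Count, $batches.Count)
```

Any non-zero signtool exit code, including a warning, marks the whole batch as failed so that an unsigned or untimestamped file is not shipped unnoticed.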

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
