Description

DigiSign is a command line tool provided with the Advanced Installer distribution that can be used to digitally sign the authored setup packages.

digisign.exe command line has the following structure:

digisign.exe command [options] <files_to_process_paths>

DigiSign applies the specified command to the provided files. The following commands are supported:

  • sign - Digitally sign the provided files.
  • timestamp - Apply a timestamp to the provided files.
  • /? - Provide general help information about digisign tool. This command does not accept any options or files.

DigiSign has the following command line options:

  • /a - Automatically selects from the personal certificate store (MY store) the most suited certificate for the signing task.
  • /f <certificate_file_path> - Specifies a file that contains the certificate that will be used for signing. Several formats for certificate files are accepted like .pfx and .cer.
  • /p <password> - Provides a password that is needed to open the specified .pfx file.
  • /pvk <private_key_file_path> - Specifies a .pvk file that contains the private key for the certificate specified by a .cer file.
  • /sha1 <certificate_thumbprint> - Selects from personal certificate store (MY store) the certificate that has the provided SHA1 thumbprint.
  • /t <timestamp_server_url> - Applies a time stamp to the files that should be processed. The timestamp is provided by an authenticode timestamp server from the included URL.
  • /d <description> - Add a description to the signature.
  • /du <description_url> - Add an URL to the description. Description will be presented to the user by the Windows operating system when the setup package installs the application.
  • /? - Provide information about the command. No operation is performed on files, only help is provided.

NoteOptions /t and /? can be used for both commands sign and timestamp. The rest of options can be used only for sign.

Examples

digisign.exe sign /a your_application.exe

Signs your_application.exe file using the most suited certificate from personal store.

digisign.exe sign /f "Your Certificate.pfx" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "Your Application.msi"

Signs the setup package "Your Application.msi" using the certificate from the "Your Certificate.pfx" file and applies an Authenticode timestamp provided by a Verisign server.

digisign.exe sign /sha1 "644019b97e952e54f7fb84baced1b50dcac7e100" /d "Your Company" /du "Your Company Url" "Your Application.msi"

Digitally signs "Your Application.msi" setup package using the certificate from personal store that has the thumbprint "644019b97e952e54f7fb84baced1b50dcac7e100". A description that contains the text "Your Company" and URL "Your Company Url" is also provided.

digisign.exe timestamp /t "http://timestamp.verisign.com/scripts/timstamp.dll" "C:\Your Company\Your App.exe"

Applies Authenticode timestamp provided by Verisign server to "Your App.exe".

digisign.exe timestamp /?

Provides help information about the timestamp command.