Digital Signature Page

This page can be used to digitally sign your Windows Store App package. In order to digitally sign the package, you will need a valid certificate.

Enable signing

Checking this checkbox will enable the actual signing of the package.

Software Publisher Certificate

Use certificate from system store

Choose one of the currently installed certificates.

<Most suited certificate> - When this value is selected, "SignTool.exe" will sign the files with the best certificate found in the system certificates store.

NoteTo view or manage certificates inside the system store, you can use certmgr.msc tool.

Use file from disk

When this option is selected the certificate used to sign the files is loaded from a local disk file. Every time you select this option, you will be prompted to select the path to the certificate from the hard-drive.

Certificate - This field contains the path on disk to the certificate. You can use the [ ... ] button in this field to select one from your hard-drive.

NotePFX certificates are recommended, you can use either pvkimprt or pvk2pfx to create a PFX certificate from the SPC and PVK files. If the PFX file is protected with a password, the “Selected certificate requires password. Select how to transmit it to signing tool:” section will be visible.

  • pvkimprt can be downloaded from this page. Following the link from the page will download an .EXE archive containing the pvkimprt installation setup. To install, first extract the setup and then run the installation from the extract location.
  • pvk2pfx is available as part of the Platform SDK.

Private Key - In this field you can set the “Private Key”. You can use the [ ... ] button to select one from your hard-drive. PFX certificates do not have a separate private key file, thus this field is hidden by default.

Enter password each time project is built - You will be prompted to enter the password when the AppX package is built.

NoteAdvanced Installer caches the password for PFX files and hence you will be prompted for the password only once.

Store encrypted password in project file - The encrypted password will be stored in the project and used at build time to sign the installation files. This option is useful for unattended builds.

Password - The password for the PFX certificate.

Confirm password - Confirm the PFX certificate password.

Signature Properties

Signature properties are required to display the exact AppX package name on the UAC prompt.

Description

This field contains the signed content's description. It will be showed by the Windows UAC after you click the "Install" button.

Description URL

This field contains a URL for a complete description of the signed content. The URL will be used when the package is launched from an untrusted location (for example from the network) in the "Open File - Security Warning" dialog, where the "Name" field will become a link to the URL you specified.

Time Stamp URL

A digital certificate has a validity period. After that period expires the signed code is not considered certified anymore. To prevent that a Time Stamp can be placed at the signing time which will show that the certificate was valid when the signing was done.

The “Time Stamp URL” specifies the URL of the time stamp server. This URL points to a DLL located on a server that is used for this purpose. An example of such a server (provided in MSDN) is:
http://timestamp.verisign.com/scripts/timstamp.dll.

NoteSigning AppX packages is supported only on Windows 8 or later OS.