Insert msbuild task to project for add sign to output files at Release build using signtool.exe.
This targets can sign to output file and publish file.
- Search signtool.exe automticaly
- Sign using pfx file and password.
- Sign using Azure Trust Signing.
- Sign in Github Actions.
- Support Dual sign (SHA1 + SHA256).
- Auto select multiple output files (exe+dll , exe+msi)
The signtool.exe must be installed, e.g., with the Windows SDK.
It must be possible to reference signtool from the developer command prompt.
If sign using Azure Trust Signing , need install Microsoft.Trusted.Signing.Client
You can change the settings by adding them in the project file.
<Project >
<PropertyGroup>
<SingTool_EnableSign_Build >true</SingTool_EnableSign_Build>
<SingTool_EnableSign_Publish >true</SingTool_EnableSign_Publish>
<SingTool_EnableSign_Nupkg >true</SingTool_EnableSign_Nupkg>
<SignTool_ExePath></SignTool_ExePath>
<SignTool_TimeStampServer></SignTool_TimeStampServer>
<SignTool_Algorithm_SHA1>false</SignTool_Algorithm_SHA1>
<SignTool_Algorithm_SHA256>true</SignTool_Algorithm_SHA256>
<SignTool_AutoSelect_Subject ></SignTool_AutoSelect_Subject>
<SignTool_AutoSelect_Issuer ></SignTool_AutoSelect_Issuer>
<!-- For use PFX and password -->
<SignTool_PFX ></SignTool_PFX>
<SignTool_Password ></SignTool_Password>
<!-- For use Azure Trust Signing -->
<SignTool_Dlib_Dll_Path ></SignTool_Dlib_Dll_Path>
<SignTool_Dlib_MetaJson_Path Condition></SignTool_Dlib_MetaJson_Path Condition>
<!-- https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-sign?WT.mc_id=DT-MVP-5000708 -->
<SignTool_Nupkg_FingerPrint></SignTool_Nupkg_FingerPrint>
<SignTool_Nupkg_SubjectName></SignTool_Nupkg_SubjectName>
<SignTool_Nupkg_StoreName></SignTool_Nupkg_StoreName>
<SignTool_Nupkg_StoreLocation></SignTool_Nupkg_StoreLocation>
<SignTool_Nupkg_Pfx_Path></SignTool_Nupkg_Pfx_Path>
<SignTool_Nupkg_Password></SignTool_Nupkg_Password>
</PropertyGroup>
<ItemDefinitionGroup>
<SignTool_InputFiles Include="filepath1" />
<SignTool_InputFiles Include="filepath2" />
</ItemDefinitionGroup>
<Target Name="Your Target Name" BeforeTargets="Build" >
<ItemDefinitionGroup>
<SignTool_InputFiles Include="filepath3" />
<SignTool_InputFiles Include="filepath4" />
</ItemDefinitionGroup>
</Target>-
SignTool_ExePath
Path to use signtool.exe in any location If not set, use signtool.exe which can be referenced at developer command prompt -
SignTool_TimeStampServer
Url for timestamps server If not set, targets uses digicert's server. -
SignTool_Algorithm_SHA1
If set to true, sign with SHA1 -
SignTool_Algorithm_SHA256
If set to true, sign with SHA256This target sign multiple signatures to one file if SHA1 and SHA256 are enabled.
-
SignTool_InputFiles
If there are additional files to be signed, specify the path in Incldue.If the files does not exist before the project file is evaluated, it must be specified in custom target executed before the build
-
.exe
-
.dll
-
.ocx
-
.scr
-
.sys
-
.cab
-
.cat
-
.efi
-
PE files
- .msi
- .ps1
- .vbs
- .vbe
- .js (JScript)
- .msix
- .msixbundle
- .appx
- .appxbundle