NAME

       signcode - Digitally sign an PE executable using an X.509 certificate.

SYNOPSIS

       signcode [options] filename

DESCRIPTION

       Digitally  sign  an  PE  executable  (CLR assembly, Win32 EXE or DLL) using an X.509 certificate and it's
       associated private key. The signature is compatible  with  Authenticode(r)  and  can  be  validated  with
       chktrust (either on Windows or on any platform supported by Mono).

OPTIONS

       -spc spcfile
              The Software Publisher File (spc) that contains the X.509 certificate chain used to digitally sign
              the PE executable.

       -v pvkfile
              The Private Key File (pvk) that contains the private key used to digitally sign the PE executable.
              This private key must match the public key inside the publisher X.509 certificate.

       -a sha1 | md5
              The  hash  algorithm  used in the digital signature of the PE executable. The default algorithm is
              SHA1.

       -$ individual | commercial
              Add information about the publisher, i.e. if the signature is generated  by  an  individual  or  a
              commercial entity.

       -n description
              Add a textual description of the signed file.

       -i url Add a URL associated to the publisher or the signed file.

       -t url URL  to  a timestamp service to countersign the PE executable. Countersignature is required if you
              want the PE executable signature  to  be  valid  after  the  publisher  certificate  expires.  The
              countersignature  proves  that  the  publisher  had  a valid (non-expired) certificate when the PE
              executable was signed.

       -tr #  Number of retries to get a timestamp for the countersignature.

       -tw #  Delay (in seconds) between the retries to get a timestamp for the countersignature.

       -k name
              CryptoAPI key container name (when not using -v).

       -p name
              CryptoAPI provider name (when not using -v).

       -y #   CryptoAPI provider type (when not using -v or -p).

       -ky signature | exchange | #
              CryptoAPI key type (when not using -v).

       -r localMachine | currentUser
              CryptoAPI key location (when not using -v).

       -help , -h , -? , /?
              Display help about this tool.

OTHER CODE SIGNING TECHNOLOGIES

       Assemblies are PE files that can also be strongnamed using the sn.exe tool. The order of  code  signature
       is  important  if  a  file  requires  both an Authenticode and a strongname signature. Strongname must be
       applied before the Authenticode signature. Applying a strongname after the Authenticode  signature,  like
       re-signing an assembly (e.g. delay-sign), will invalidate the Authenticode signature.

KNOWN RESTRICTIONS

       signcode cannot generate Authenticode signatures for CAB files.

AUTHOR

       Written by Sebastien Pouliot

COPYRIGHT

       Copyright (C) 2003 Motus Technologies.  Copyright (C) 2004 Novell.  Released under BSD license.

MAILING LISTS

       Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.

WEB SITE

       Visit http://www.mono-project.com for details

SEE ALSO

       chktrust(1),makecert(1),cert2spc(1)

                                                                                                  Mono(signcode)