Quickstart

The Microsoft SignTool is a command-line CryptoAPI tool, used to digitally-sign, verify or timestamp files, codes, libraries and documents. It is part of the Microsoft Windows Software Development Kit (SDK) or of the Microsoft Visual Studio developer environment.

This quickstart section provides a comprehensive guide outlining the steps necessary to integrate MS SignTool with Securosys CloudHSM or on-premises Primus HSM.

Primus CNG/KSP Provider

Refer to the Primus MS CNG Provider documentation on how to download, install and configure the Primus CNG/KSP Provider.

note

Ensure the CNG API is licensed and activated on your HSM device.

Installing new Signing key & Certificate

Follow the instruction provided in Installation. Make sure to adhere to the Prerequisites.

Prepare the signing key request sample request.inf file,
generate the signing key and self-signed certificate with the previously created request file,
generate the signing key and public signed certificate with the request file,
validate your signing certificate.

Signing Files

Now you are ready to sign your files or timestamp codes, certificates, etc. using the Microsoft signtool.exe.

Follow the instructions provided in the Tutorial - Sign Files with MS-Signtool to:

Sign an example application,
Verify the signed application (file) either via CLI or GUI.

Quickstart

Primus CNG/KSP Provider​

Installing new Signing key & Certificate​

Signing Files​

Primus CNG/KSP Provider

Installing new Signing key & Certificate

Signing Files