Home » Software Security Blog » How to Sign Your Code Using EV Code Signing Certificate
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Signing Your Code With a Comodo EV Code Signing Certificate

After you’ve collected your certificate and successfully set up the SafeNet Authentication Client, you can now start signing your code or apps. The following are the steps you have to follow to successfully sign your code.

Before You Start Signing Code

There are a few requirements you need to meet in order to sign your code. So check the following before you begin the code signing process:

  • The first step is to complete the SafeNet setup process.
  • Make sure you are using a computer that runs on Windows.
  • Finally, make sure the Windows Development Kit is installed.

How To Sign Code With Your EV Code Signing Certificate

Now you are all set to move to the code signing process. Here are the steps involved:

  1. Start with plugging in the USB token you received in the package from Comodo in your system.
  2. You’ll then need to open the SafeNet Client.
  3. The next step is to open the Command Prompt.
  4. The following is the command you will need to copy and paste: signtool sign
    /tr https://timestamp.comodoca.com /td sha256 /fd sha256 /a "Insert_path_to_the_file_you_wish_to_sign "
  5. You will be prompted to enter the password after you enter the command and you have to enter it there.
  6. Your application will be signed after the password is entered.

Verifying Your Signed Application

You can now check if the code has been signed. It’s always a good idea to verify the signature before making your software available for download for your end-users.

  • To verify, open the folder in which the application is saved.
  • Locate the application, right-click on it, and click on properties.
  • You should see your EV Code Signing certificate details when you click on the Digital Signatures menu. This shows that your code is signed.

If you do not see the Digital Signatures menu, that indicates that the signing process was not successful. In that case, you’ll have to go through the signing process again.

Now, you are all set to distribute your application with your name on it for people to download and use.

Related Posts