I refreshed my Windows 10 development PC the other day. I tend to do a refresh about once every three months to keep things tidy. It’s usually quite straight forward getting all my apps and documents back to the way I like them except, that is, for Microsoft’s signtool.exe. For some reason it always seems to take way longer than what I would have thought is reasonable for such a simple tool. There doesn’t seem to be a Microsoft download that just installs signtool.exe and its dependencies so I always end up Googling, downloading and installing some other monstrosity just to get signtool.exe installed as a side effect. The whole idea of refreshing my PC every three months is to keep it tidy. I want to keep things to a minimum. So installing something massive that I don’t need just to get something small that I do need is a little frustrating.
This time, I thought, I would try something else. I have been enjoying Bash on Ubuntu on Windows ever since it was released so I thought I would see if there was a Linux signing tool that I could use instead of Microsoft’s signtool.exe. Thank you Google and stackoverflow.com, sure enough there is; osslsigncode:
sudo apt-get install osslsigncode
Now, from Bash on Ubuntu on Windows I can sign my Windows applications with something like:
osslsigncode sign -pkcs12 "/mnt/c/path/to/certificate.p12" -pass "certificate password" -n "My Application Name" -i "https://www.mywebsite.com" -t "http://timestamp.comodoca.com/authenticode" -in "/mnt/c/path/to/executable.exe" -out "/mnt/c/path/to/executable.exe"