自动化扩展验证 (EV) 代码签名 [英] Automate Extended Validation (EV) code signing
问题描述
我们最近购买了 DigiCert EV 代码签名证书.我们可以使用 signtool.exe 对 .exe 文件进行签名.但是,每次我们签署文件时,它都会提示输入 SafeNet eToken 密码.
We recently purchased a DigiCert EV code signing certificate. We are able to sign .exe files using signtool.exe. However, every time we sign a file, it prompts for the SafeNet eToken password.
我们如何在无需用户干预的情况下通过在某处存储/缓存密码来自动化此过程?
How can we automate this process, without user intervention, by storing/caching the password somewhere?
推荐答案
扩展此线程中已有的答案,可以使用 microsoft 的标准 signtool 程序提供令牌密码.
Expanding on answers already in this thread, it is possible to provide the token password using the standard signtool program from microsoft.
<强>0.在高级视图中打开 SafeNet 客户端
安装路径可能不同,但对我来说,SafeNet 客户端安装到:C:Program FilesSafeNetAuthenticationSACx64SACTools.exe
Install paths may vary, but for me the SafeNet client is installed to: C:Program FilesSafeNetAuthenticationSACx64SACTools.exe
点击右上角的齿轮图标打开高级视图".
Click the gear icon in the upper right to open "advanced view".
1.将您的公共证书从 SafeNet 客户端导出到文件
<强>2.查找您的私钥容器名称
3.找到您的读者姓名
4.一起格式化
eToken CSP 具有隐藏(或至少没有广泛宣传)的功能,可以从容器名称中解析出令牌密码.
The eToken CSP has hidden (or at least not widely advertised) functionality to parse the token password out of the container name.
格式为以下之一
[]=name
[reader]=name
[{{password}}]=name
[reader{{password}}]=name
地点:
reader是 SafeNet 客户端 UI 中的Reader 名称"password是你的令牌密码name是 SafeNet 客户端 UI 中的容器名称"
readeris the "Reader name" from the SafeNet Client UIpasswordis your token passwordnameis the "Container name" from the SafeNet Client UI
如果您连接了多个阅读器,您可能必须指定阅读器名称 - 因为我只有一个阅读器,我无法确认这一点.
Presumably you must specify the reader name if you have more than one reader connected - as I only have one reader I cannot confirm this.
5.将信息传递给signtool
/f certfile.cer/csp "eToken Base Cryptographic Provider"/k "<第 4 步的值>"- 您需要的任何其他 signtool 标志
signtool 命令示例如下
Example signtool command as follows
signtool sign /f mycert.cer /csp "eToken Base Cryptographic Provider" /k "[{{TokenPasswordHere}}]=KeyContainerNameHere" myfile.exe
从这个答案中获取的一些图片:https://stackoverflow.com/a/47894907/5420193
Some Images taken from this answer: https://stackoverflow.com/a/47894907/5420193
这篇关于自动化扩展验证 (EV) 代码签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
