API / Library来替换signtool.exe [英] API/Library to replace signtool.exe

问题描述

Windows SDK附带了一个名为signtool.exe的工具，可让您使用证书签署文件。我需要做同样的事情，但在后台服务，所以我在寻找一个库（最好是托管代码，但COM会做）做同样的事情。任何想法？

The Windows SDK ships with a tool called signtool.exe that lets you sign a file with a certificate. I need to do the same thing but in a background service so I'm on the lookout for a library (preferably managed code, but COM will do) to do the same thing. Any ideas?

找到答案。以下是使用X.509证书在.NET中签名文件的方法：

Found the answer. Here's how to use an X.509 certificate to sign a file in .NET:

CmsSigner signer = new CmsSigner();
signer.Certificate = new X509Certificate2(certificate);

SignedCms content = new SignedCms(new ContentInfo(File.ReadAllBytes(fileToSign)));
content.ComputeSignature(signer, true);
byte[] signedFile = content.Encode();

string signedFileName = fileToSign + ".signed";
File.WriteAllBytes(signedFileName, signedFile);

Console.WriteLine("Signed file: " + signedFileName);

这里，证书是包含证书的.pfx文件的路径和 fileToSign 是要签名的文件。

Here, certificate is the path to the .pfx file containing the certificate and fileToSign is the file to sign.

推荐答案

SignTool使用CAPICOM， Crypto API。您可以使用任一。如果您要使用CAPICOM，您可以检查信息此处。

SignTool is using CAPICOM which is the COM wrapper for the Crypto API. You can use either one. If you're going with CAPICOM, you can check the information here.

这篇关于API / Library来替换signtool.exe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！