Angus Robertson 574 Posted December 3, 2023

My pre and post command jobs do other stuff as well as signing, copy files to various directories.

Beware the signtool /a command only works when there is just one certificate available...

Angus

Bart Kindt 5 Posted December 3, 2023

4 hours ago, Angus Robertson said:
My pre and post command jobs do other stuff as well as signing, copy files to various directories. Beware the signtool /a command only works when there is just one certificate available... Angus

One certificate is already one too many for me...

David Hoyle 68 Posted December 12, 2023

I can't find a way of saving or pinning threads like this, so I have replied instead, as this is a goldmine of information. I'm halfway through my 3 years on the old way of doing things, and that was a nightmare to get the right files in the first place and set up, so I was not looking forward to having to change to a token. I think this thread and @Vincent Parrett's blog post could well help everyone.

regards
Dave.

Darian Miller 361 Posted March 13

On 12/1/2023 at 7:25 PM, Vincent Parrett said:
Alternatively - (vendor plug) - use FinalBuilder to generate your release builds - in which case code signing is pretty easy.

We're getting ready to tackle this new problem of code signing with tokens. Do you have any guides for using AWS Cloud HSM with FinalBuilder? Is that available as an action? We're using an older copy of FinalBuilder - hopefully I can buy a new version and get this working.

Vincent Parrett 750 Posted March 13

26 minutes ago, Darian Miller said:
Do you have any guides for using AWS Cloud HSM with FinalBuilder?

No, not specifically - you would just use signtool I guess.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/signtool.html

However, that seems to suggest this only works if you are running on an EC2 instance. I guess to use cloud hsm with signtool over the internet you would have to create vpn access (not sure if that is possible).

FWIW, we are working on a product to simplify code signing with hsm's tokens (well, ones that provide support for pkcs#11). AWS does have a pkcs#11 client library but we have not tested with it yet. I expect to make an announcement about the product in a few weeks (currently fleshing out the configuration interface).