Jump to content
Registration disabled at the moment Read more... ×
Bart Kindt

How to attach a DigiCert Token certificate to exeutable

By Bart Kindt, in Delphi IDE and APIs

Recommended Posts

Angus Robertson    658

Angus Robertson
Posted

My pre and post command jobs do other stuff as well as signing, copy files to various directories.

 

Beware the signtool /a command only works when there is just one certificate available...

 

Angus

 

Share this post

Link to post

Bart Kindt    5

Bart Kindt
Posted
4 hours ago, Angus Robertson said:

My pre and post command jobs do other stuff as well as signing, copy files to various directories.

 

Beware the signtool /a command only works when there is just one certificate available...

 

Angus

 

One certifcate is already one too many for me...

Share this post

Link to post

David Hoyle    68

David Hoyle
Posted

I can't find a way of saving or pinning threads like this so have replied instead as this is a goldmine of information.

I'm half way through my 3 years on the old way of doing things and that was a nightmare to get the right files in the first place and setup so I was not looking forward to having to change to a token.

I think this thread and @Vincent Parrett's blog post could well help everyone.

regards

Dave.

Share this post

Link to post

Darian Miller    387

Darian Miller
Posted
On 12/1/2023 at 7:25 PM, Vincent Parrett said:

Alternatively - (vendor plug) - use FinalBuilder to generate your release builds - in which case code signing is pretty easy.

 

We're getting ready to tackle this new problem of code signing with tokens.  Do you have any guides for using AWS Cloud HSM with FinalBuilder?  Is that available as an action?  We're using an older copy of FinalBuilder - hopefully I can buy a new version and get this working. 

 

Share this post

Link to post

Vincent Parrett    852

Vincent Parrett
Posted
26 minutes ago, Darian Miller said:

Do you have any guides for using AWS Cloud HSM with FinalBuilder?

No, not specifically - you would just use signtool I guess. 

 

https://docs.aws.amazon.com/cloudhsm/latest/userguide/signtool.html

 

However that seems to suggest this only works if you are running on an EC2 instance. I guess to use cloud hsm with signtool over the internet you would have to create vpn access (not sure if that is possible). 

FWIW, we are working on a product to simplify code signing with hsm's  tokens (well ones that provide support pkcs#11). AWS does have pkcs#11 client library but we have not yet tested with it yet. I expect to make an announcement about the product in a few weeks (currently fleshing out the configuration interface).   

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Go To Topic Listing Delphi IDE and APIs
×