1.0.2 • Published 2 years ago

yzb-signcode v1.0.2

Weekly downloads
-
License
MIT
Repository
github
Last release
2 years ago

signcode

Travis Build Status js-standard-style npm downloads

Sign Windows executables and installers from a Mac.

Works with .pem, .p12, and .pfx code signing files.

Signs with sha1 and sha256 signatures by default.

Installing

npm install --save-dev signcode

Using

var signcode = require('signcode')

var options = {
  cert: '/Users/kevin/certs/cert.pem',
  key: '/Users/kevin/certs/key.pem',
  overwrite: true,
  path: '/Users/kevin/apps/myapp.exe'
}

signcode.sign(options, function (error) {
  if (error) {
    console.error('Signing failed', error.message)
  } else {
    console.log(options.path + ' is now signed')
  }
})

signcode.verify({ path: '/Users/kevin/apps/myapp.exe' }, function (error) {
  if (error) {
    console.error('Not signed', error.message)
  } else {
    console.log(options.path + ' is signed')
  }
})

Signing Options

NameTypeRequiredDescription
certStringYesPath to a certificate file.
pathStringYesFile path to executable to sign.
hashArrayNoSignature types to sign the executable with. Defaults to ['sha1', 'sha256'].
keyStringNoPath to a .pem key file. Only required if cert is a .pem file.
nameStringNoProduct name to include in the signature.
overwriteBooleanNotrue to sign the executable in place, false to write the signed file at the same path but with -signed at the end of it. Defaults to false.
passwordStringNoPassword to the certificate or key.
passwordPathStringNoPath to a file containing the password for the certificate or key.
siteStringNoWebsite URL to include in the signature.

Verification Options

NameTypeRequiredDescription
pathStringYesFile path to executable to verify.
hashStringNoCertificate fingerprint to expect on executable.

Command Line Example

signcode sign /Users/kevin/apps/myapp.exe \
  --cert /Users/kevin/certs/cert.p12 \
  --prompt \
  --name 'My App' \
  --url 'http://birthday.pizza'
signcode verify /Users/kevin/apps/myapp.exe

Run signcode -h to see all the supported options.

Cert helpers commands

These commands are helpful when working with certificates.

Create cert and key with no password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Create cert and key with a password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem

Create a p12 with no password

openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem

Show fingerprint of a cert

openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256
promptyargs
@infinitebrahmanuniverse/nolb-yz@everything-registry/sub-chunk-3217
1.0.2

2 years ago

1.0.1

2 years ago