diff options
Diffstat (limited to 'man/signcode.1')
-rwxr-xr-x | man/signcode.1 | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/man/signcode.1 b/man/signcode.1 new file mode 100755 index 00000000000..1226d55c1b9 --- /dev/null +++ b/man/signcode.1 @@ -0,0 +1,93 @@ +.\" +.\" signcode manual page. +.\" Copyright 2003 Motus Technologies +.\" Copyright 2004 Novell +.\" Author: +.\" Sebastien Pouliot (sebastien@ximian.com) +.\" +.TH Mono "signcode" +.SH NAME +signcode \- Digitally sign an PE executable using an X.509 certificate. +.SH SYNOPSIS +.PP +.B signcode [options] filename +.SH DESCRIPTION +Digitally sign an PE executable (CLR assembly, Win32 EXE or DLL) using an +X.509 certificate and it's associated private key. The signature is compatible +with Authenticode(r) and can be validated with chktrust (either on Windows or +on any platform supported by Mono). +.SH OPTIONS +.TP +.I "-spc spcfile" +The Software Publisher File (spc) that contains the X.509 certificate chain +used to digitally sign the PE executable. +.TP +.I "-v pvkfile" +The Private Key File (pvk) that contains the private key used to digitally +sign the PE executable. This private key must match the public key inside the +publisher X.509 certificate. +.TP +.I "-a md5 | sha1" +The hash algorithm used in the digital signature of the PE executable. The +default algorithm is MD5. +.TP +.I "-$ individual | commercial" +Add information about the publisher, i.e. if the signature is generated by an +individual or a commercial entity. +.TP +.I "-n description" +Add a textual description of the signed file. +.TP +.I "-i url" +Add a URL associated to the publisher or the signed file. +.TP +.I "-t url" +URL to a timestamp service to countersign the PE executable. Countersignature +is required if you want the PE executable signature to be valid after the +publisher certificate expires. The countersignature proves that the publisher +had a valid (non-expired) certificate when the PE executable was signed. +.TP +.I "-tr #" +Number of retries to get a timestamp for the countersignature. +.TP +.I "-tw #" +Delay (in seconds) between the retries to get a timestamp for the countersignature. +.TP +.I "-k name" +CryptoAPI key container name (when not using -v). +.TP +.I "-p name" +CryptoAPI provider name (when not using -v). +.TP +.I "-y #" +CryptoAPI provider type (when not using -v or -p). +.TP +.I "-ky signature | exchange | #" +CryptoAPI key type (when not using -v). +.TP +.I "-r localMachine | currentUser" +CryptoAPI key location (when not using -v). +.TP +.I "-help", "-h", "-?", "/?" +Display help about this tool. +.SH OTHER CODE SIGNING TECHNOLOGIES +Assemblies are PE files that can also be strongnamed using the sn.exe tool. The +order of code signature is important if a file requires both an Authenticode +and a strongname signature. Strongname must be applied before the Authenticode +signature. Applying a strongname after the Authenticode signature, like +re-signing an assembly (e.g. delay-sign), will invalidate the Authenticode +signature. +.SH KNOWN RESTRICTIONS +signcode cannot generate Authenticode signatures for CAB files. +.SH AUTHOR +Written by Sebastien Pouliot +.SH COPYRIGHT +Copyright (C) 2003 Motus Technologies. +Copyright (C) 2004 Novell. +Released under BSD license. +.SH MAILING LISTS +Visit http://mail.ximian.com/mailman/mono-list for details. +.SH WEB SITE +Visit: http://www.go-mono.com for details +.SH SEE ALSO +.BR chktrust(1), makecert(1), cert2spc(1) |