How to Sign a Windows App or Authenticode Files On Linux Using Osslsigncode

Sign Windows Files with Osslsigncode

Introduction to Code Signing on Linux

Code signing certificates are employed to consign that the originator and the file authenticity are in good faith. Identity is either generated in the program code or as an executable file (.exe).

The digital signature that authenticates the identity is inserted into the program. The public key associated with the private one can, in turn, be used to verify that the file’s authenticity has remained intact, original, and unmodified.

There are two major categories of certificates: OV Code Signing Certificates and Extended Validation (EV) Code Signing Certificates.

At a higher level, the EV Code Signing Certificates have to be personally issued and authenticated by the trusted Certificate Authority using verified information such as full name, business address, email address, and phone number as a measure to deter fraud.

Using code signing, most developers, IoT risk managers, and people working on the OS apply this method. These include Apple iOS, Windows, Linux, Android, JAVA, Adobe AIR, and many more.

Whenever you have partners, channels, and platforms that safeguard your customers’ data, you must guard their data with utmost care and attention. Signing the software document is a good indication that safety measures are of great importance to you, and in some cases, they are even obligatory under the contract.

Signing Windows App on Ubuntu 18.04 with Osslsigncode

Osslsigncode is a signing tool used to sign, timestamp and verify Authenticode on Linux!

Signing Windows app on Ubuntu 18.04 with Osslsigncode involves the following steps:

Install osslsigncode

Install Osslsigncode via the terminal by running:

sudo apt update
sudo apt install osslsigncode

Buy or Generate a Code Signing Certificate

A code signing certificate will do for a Windows application signing. It can be a self-signed certificate or a Purchase from Certificate Authority (CA).

You may want to create a self-signed certificate to test with OpenSSL.

openssl req -newkey rsa:2048 -nodes -keyout mykey.pem -x509 -days 365 -out mycert.pem

This command will generate a private key and a self-signed certificate for 365 days. ‘You will be required to enter the information about your business and your certificate.’

Convert the Certificate to PKCS12 Format

osslsigncode works with certificates in PKCS12 format. Convert the certificate and key generated in the previous step to PKCS12 format using OpenSSL:

openssl pkcs12 -export -out mycert.pfx -inkey mykey.pem -in mycert.pem

You will be presented with an export password screen where you have to input the password. Keep this PIN in mind, as you’ll need it further on.

Sign the Windows Application

Now, with the PKCS12 file you created, you can sign your Windows app using osslsigncode. Here’s the basic syntax:

osslsigncode sign -certs mycert.pfx -pass <password> -n "Your Application Name" -in unsigned.exe -out signed.exe

Use <password>, the conversion password, in place of <password> when converting the certificate to PKCS12 format. Overwrite “Your Application Name” with the name of your application. Specify unsigned.exe instead of a path to your unsigned executable and write signed.exe instead of a name for the signed executable.

Verify the Signature

Following the signing, you can check the signature to ensure it was applied correctly:

osslsigncode verify -in signed.exe

Distribute the Signed Application

Once the application is signed, the distributable image of the signed executable can be handed over to your users.

That’s it! The signing of your Windows application on Ubuntu 18.04 has been successfully finished by osslsigncode. Remember that both your certificate and the private key are being used to verify the authenticity of your application, so please keep them in a safe place.

Conclusion

In the age of digitization, cybersecurity has become a priority now. We know that security measures, such as blocking unauthorized access to our web application and encrypting your data, are essential to safeguard your assets and data in cyberspace.

Whether you are a store owner or a big-time corporate, SignMyCode gives you customized security optimization to match your unique needs.

Code Signing Tutorials

Cheap Code Signing Certificates

Prevent Code Tampering and Authenticate Code Integrity by Digitally Sign your Code with Trusted Code Signing Certificates.

Starting at Just $215.99/Year

Related posts:

  1. How to Verify the Digital Signature of a File in Windows and Linux?
  2. How to Code Sign Your iOS and iPadOS Apps Before Publishing on App Store
  3. How to Sign Visual Studio App Packages Using Azure Key Vault?
  4. How to Use Microsoft SignTool with AWS CloudHSM to Digitally Sign Authenticode Files?
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.