{"id":4598,"date":"2025-11-25T11:16:21","date_gmt":"2025-11-25T11:16:21","guid":{"rendered":"https:\/\/signmycode.com\/resources\/?p=4598"},"modified":"2025-11-25T11:17:30","modified_gmt":"2025-11-25T11:17:30","slug":"how-to-sign-windows-binaries-using-aws-kms","status":"publish","type":"post","link":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms","title":{"rendered":"How to Sign Windows Binaries using AWS KMS?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is AWS KMS?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">AWS Key Management Service (KMS) is a cloud service that allows organizations to generate, control, and maintain keys that secure their data. AWS KMS allows organizations to have a common way of dealing with keys by making encryption easier for many AWS services, programs, and operations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">AWS KMS allows users to securely generate and maintain encryption keys, set policies for access, and track use, securing data when it rests and in transit. KMS natively supports AWS services, such as S3, EBS, and <a href=\"https:\/\/signmycode.com\/resources\/how-to-configure-your-code-signing-for-aws-lambda\">Lambda<\/a>, making encryption simpler without requiring programmers to implement complicated crypto code.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">AWS KMS does encryption, and it facilitates digital signing and verification. That enables businesses to validate data, software, or messages. Its <a href=\"https:\/\/signmycode.com\/blog\/what-is-a-hardware-security-module-role-of-hsms-for-digital-signing\">hardware security modules (HSMs)<\/a> are FIPS 140-2 and FIPS 140-3 qualified, so they adhere to strict security standards for cryptography.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Businesses can use KMS to stay in compliance, roll out access controls by role, and make changes to keys automatically. That eliminates work and boosts security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Using AWS KMS for Cloud Signing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/signmycode.com\/cloud-code-signing\">Cloud signing<\/a> with AWS Key Management Service (KMS) enables organizations to sign software, documents, or other objects digitally without exposure of private keys.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of keeping keys locally in machines or hardware tokens, KMS keeps the keys secure in a dedicated hardware security appliance that is <a href=\"https:\/\/signmycode.com\/blog\/fips-140-3-certification-and-levels-fips-140-2-vs-140-3\">FIPS 140-2\/3 compliant<\/a>, so that the private keys stay secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is especially useful to use with automated build scenarios, where signing needs to be done unsupervised, like with <a href=\"https:\/\/signmycode.com\/blog\/what-is-ci-cd-detailed-guide-on-ci-cd-pipeline\">CI\/CD pipelines<\/a> for Windows desktop software programs that need to run under many different platforms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Dev teams can generate a KMS key pair, generate a Certificate Signing Request (CSR) for it, and get a certificate for the associated public key while controlling possession of the private key.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to Create a CSR and begin Signing Binaries<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 1: Gaining the Certificate<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Get an <a href=\"https:\/\/signmycode.com\/ev-code-signing\">EV code signing certificate<\/a> from a respectable certificate authority such as DigiCert. Make sure that you choose the option for HSM storage to be supplied by the client and choose &#8220;<strong>Amazon Web Services Key Management Service<\/strong>&#8221; for storage.<\/li>\n\n\n\n<li>It ensures that the private key of the certificate will be stored in a FIPS 140 Level 3 certified environment (AWS KMS), and it won&#8217;t be stolen or misused.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 2: Creating a Key Pair in AWS KMS<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Open your AWS account and generate a key pair in KMS, either from the AWS console or the CLI. <strong>Use at least 4096-bit RSA for code signing to meet the needs of Microsoft:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>aws kms create-key --key-spec RSA_4096 --key-usage SIGN_VERIFY<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Give an alias<\/strong> to the key to facilitate easy reference.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>aws kms create-alias --alias-name alias\/code-signing --target-key-id &lt;your-key-id><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">To be used repeatedly during the signing period.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Crafting the CSR<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Because the private key is not directly accessible within KMS, it is needed to create a temporary CSR and substitute its public key with the KMS public key, <strong>through the use of community utilities such as aws-kms-sign-csr:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl req -new -nodes -keyout \/dev\/null -newkey rsa:2048 -out code-signing-request.temp.csr<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Set up the aws-kms-sign-csr tool:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone git@github.com:g-a-d\/aws-kms-sign-csr.git\ncd aws-kms-sign-csr\npython3 -m venv aws-kms-sign-csr\n. aws-kms-sign-csr\/bin\/activate\npip3 install -r requirements.txt<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Sign the temporary CSR with your KMS license key.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/aws-kms-sign-csr.py --region &lt;your-region> --keyid alias\/code-signing --hashalgo sha256 ..\/code-signing-request.temp.csr > ..\/code-signing-request.csr<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This generates a CSR for the KMS key, ready to be sent to your certificate authority.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 4: Obtaining the Certificate from CA<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Submit the CSR to the certificate authority. After it has been validated, you&#8217;ll be given the certificate corresponding to your KMS public key. Your private key is stored securely inside AWS KMS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 5: Get Ready to Sign Binaries<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u00a0You now have:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A KMS key pair (private key never leaves KMS)<\/li>\n\n\n\n<li>Certificate from CA that is assigned to the KMS public key<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Prep your binaries to sign with tools like the SignTool from Microsoft. Signing is the following process:<\/strong><\/p>\n\n\n\n<ul start=\"1\" class=\"wp-block-list\">\n<li>Developing a summary of the binary.<\/li>\n\n\n\n<li>Signature of the digest by KMS<\/li>\n\n\n\n<li>To the binary, the signed digest.<\/li>\n\n\n\n<li>Including a timestamp<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 6: Signing the Binary<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Create the binary digest:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>signtool.exe sign -dg . -fd sha256 -f .\/certificate.cer Application.exe<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Sign the Digest using AWS KMS:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>aws kms sign --message $(cat Application.exe.dig) --message-type DIGEST --signing-algorithm \"RSASSA_PKCS1_V1_5_SHA_256\" --key-id alias\/code-signing --output text --query \"Signature\" > Application.exe.dig.signed<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Apply the signed digest to the binary:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>signtool.exe sign -di . Application.exe<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Add a timestamp to ensure long-term validity:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>signtool.exe timestamp \/tr \"http:\/\/timestamp.digicert.com\" -td sha256 Application.exe<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 7: Distribution<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Your code is now signed, trusted, and good to go. The process is all cloud-based and is able to provide high security to automated build pipelines due to the fact that the private key does not ever leave AWS KMS.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/signmycode.com\/blog\/aws-kms-embraces-the-quantum-era-with-ml-dsa-digital-signature-support\">AWS KMS Embraces the Quantum Era with ML-DSA Digital Signature Support<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">By getting a <a href=\"https:\/\/signmycode.com\/digicert-ev-code-signing\">DigiCert EV Code Signing Certificate<\/a> when integrating with AWS KMS, you have absolute security and trust in your Windows application(s).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When you store private keys in a System in AWS KMS, you retain FIPS 140 Level 3 compliance, sensitive signing material is available, yet at the same time, automated and cloud-based circle pipelines are implemented.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This configuration excludes the chances of having key leakage as well, and the signing is easily done too, and your software is trusted by the enterprise users and Windows systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is AWS KMS? AWS Key Management Service (KMS) is a cloud service that allows organizations to generate, control, and maintain keys that secure their data. AWS KMS allows organizations to have a common way of dealing with keys by making encryption easier for many AWS services, programs, and operations. AWS KMS allows users to&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms\">Read More <span class=\"screen-reader-text\">How to Sign Windows Binaries using AWS KMS?<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":4599,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[354,463],"tags":[626,627,628],"class_list":["post-4598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-keyvault-code-signing-tutorials","category-cloud-code-signing","tag-aws-kms-code-signing","tag-aws-kms-sign-csr","tag-code-signing-using-aws-kms","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Sign Windows Executables &amp; Binaries using AWS KMS?<\/title>\n<meta name=\"description\" content=\"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Sign Windows Executables &amp; Binaries using AWS KMS?\" \/>\n<meta property=\"og:description\" content=\"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Resources\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T11:16:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-25T11:17:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Sign_My_Code\" \/>\n<meta name=\"twitter:site\" content=\"@Sign_My_Code\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/person\\\/2e80276fd34fd5439c04cd3cb96a389f\"},\"headline\":\"How to Sign Windows Binaries using AWS KMS?\",\"datePublished\":\"2025-11-25T11:16:21+00:00\",\"dateModified\":\"2025-11-25T11:17:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms\"},\"wordCount\":789,\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/aws-kms-code-sign.webp\",\"keywords\":[\"AWS KMS Code Signing\",\"AWS KMS Sign CSR\",\"Code Signing using AWS KMS\"],\"articleSection\":[\"Azure Key Vault Code Signing Tutorials\",\"Cloud Code Signing\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms\",\"name\":\"How to Sign Windows Executables & Binaries using AWS KMS?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/aws-kms-code-sign.webp\",\"datePublished\":\"2025-11-25T11:16:21+00:00\",\"dateModified\":\"2025-11-25T11:17:30+00:00\",\"description\":\"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/aws-kms-code-sign.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/aws-kms-code-sign.webp\",\"width\":912,\"height\":453,\"caption\":\"CSR and Sign Code in AWS KMS\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-windows-binaries-using-aws-kms#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Sign Windows Binaries using AWS KMS?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\",\"name\":\"SignMyCode - Resources\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\",\"name\":\"SignMyCode\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Sign_My_Code\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/person\\\/2e80276fd34fd5439c04cd3cb96a389f\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web\\\/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.\",\"sameAs\":[\"http:\\\/\\\/smcresources.ssltoolsonline.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Sign Windows Executables & Binaries using AWS KMS?","description":"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms","og_locale":"en_US","og_type":"article","og_title":"How to Sign Windows Executables & Binaries using AWS KMS?","og_description":"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.","og_url":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms","og_site_name":"SignMyCode - Resources","article_published_time":"2025-11-25T11:16:21+00:00","article_modified_time":"2025-11-25T11:17:30+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@Sign_My_Code","twitter_site":"@Sign_My_Code","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#article","isPartOf":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms"},"author":{"name":"Janki Mehta","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/person\/2e80276fd34fd5439c04cd3cb96a389f"},"headline":"How to Sign Windows Binaries using AWS KMS?","datePublished":"2025-11-25T11:16:21+00:00","dateModified":"2025-11-25T11:17:30+00:00","mainEntityOfPage":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms"},"wordCount":789,"publisher":{"@id":"https:\/\/signmycode.com\/resources\/#organization"},"image":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp","keywords":["AWS KMS Code Signing","AWS KMS Sign CSR","Code Signing using AWS KMS"],"articleSection":["Azure Key Vault Code Signing Tutorials","Cloud Code Signing"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms","url":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms","name":"How to Sign Windows Executables & Binaries using AWS KMS?","isPartOf":{"@id":"https:\/\/signmycode.com\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp","datePublished":"2025-11-25T11:16:21+00:00","dateModified":"2025-11-25T11:17:30+00:00","description":"Follow step-by-step tutorial on how to generate CSR and Sign Code using SignTool and AWS KMS.","breadcrumb":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#primaryimage","url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp","contentUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/11\/aws-kms-code-sign.webp","width":912,"height":453,"caption":"CSR and Sign Code in AWS KMS"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-windows-binaries-using-aws-kms#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/resources\/"},{"@type":"ListItem","position":2,"name":"How to Sign Windows Binaries using AWS KMS?"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/resources\/#website","url":"https:\/\/signmycode.com\/resources\/","name":"SignMyCode - Resources","description":"","publisher":{"@id":"https:\/\/signmycode.com\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/resources\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/resources\/#organization","name":"SignMyCode","url":"https:\/\/signmycode.com\/resources\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2021\/11\/logo1.png","contentUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2021\/11\/logo1.png","width":135,"height":86,"caption":"SignMyCode"},"image":{"@id":"https:\/\/signmycode.com\/resources\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Sign_My_Code"]},{"@type":"Person","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/person\/2e80276fd34fd5439c04cd3cb96a389f","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web\/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.","sameAs":["http:\/\/smcresources.ssltoolsonline.com"]}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/comments?post=4598"}],"version-history":[{"count":3,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4598\/revisions"}],"predecessor-version":[{"id":4602,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4598\/revisions\/4602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/media\/4599"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/media?parent=4598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/categories?post=4598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/tags?post=4598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}