[Lazarus] Can Lazarus/FPC sign the created executables (Windows)?
Martin Frb
lazarus at mfriebe.de
Tue Sep 24 12:32:21 CEST 2024
On 24/09/2024 12:15, Bo Berglund via lazarus wrote:
> OK, thanks.
>
> I downloaded the Windows SDK installer and when I ran it I got to a selection
> page where I could select to ONLY install the signing tool.
>
> The InnoSetup6 install builder does have support for signing so I will go there
> for further research.
Well, do you have a certificate?
This is the command I use
signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd
sha256 /a C:\path\to\target.exe
The params are explained on
https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
The /tr .... /td... is optional, but recommended. And there is a list
of time servers that can be used
If you have more than one certificate (added to the windows certificate
store), then you may need to add something to select the one you want....
Usually, if you buy a cert, you get a piece of hardware (e.g. usb
dongle) and instructions which extra software to use to add the cert
from that hardware to the cert store. (and it will only work while the
dongle is plugged in).
If you want to use a self issued cert, you need to find a tutorial on
that => but windows will not trust self signed certs... (Well the user
may or may not be able to add your cert to their trusted cert list, but
I have no idea ...)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lazarus-ide.org/pipermail/lazarus/attachments/20240924/ab54a8f6/attachment.htm>
More information about the lazarus
mailing list