Difference between revisions of "Codesigning On Windows"
From Audacity Wiki
(New page.) |
(Updates.) |
||
| Line 1: | Line 1: | ||
{{intro|1=This page is about codesigning on windows for release builds.}} | {{intro|1=This page is about codesigning on windows for release builds.}} | ||
| + | |||
| + | ==The Dongle== | ||
| + | If you plan to codesign on windows, you will need a USB dongle (smart card reader) , so plan in advance to allow time for delivery. | ||
| + | |||
| + | * The dongle is both a card reader AND a USB key. | ||
| + | * Instructions for using it are in the USB key itself, strangely in the directory marked 'bin' | ||
| + | |||
| + | {{tip|1=When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent. }} | ||
| + | |||
| + | ===Activating the Cert=== | ||
| + | You will need the latest Java with all security patches. | ||
| + | * If you have not used jave ever, or not for a while, you will almost certainly need to update it. | ||
| + | * Update it before you try to activate, as without that it is confusing as to why the process has stalled. | ||
| + | |||
| + | ===Documentation=== | ||
| + | You will need to scan | ||
| + | * A page from you passport | ||
| + | * A recent utility bill or credit card statement | ||
| + | |||
| + | ===Signing the Installer=== | ||
| + | |||
| + | This is how signing used to work.... | ||
| + | |||
| + | <pre> | ||
| + | "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe | ||
| + | </pre> | ||
| + | |||
| + | The new way, using the dongle and setting a timestamp: | ||
| + | |||
| + | <pre> | ||
| + | signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe | ||
| + | </pre> | ||
| + | |||
| + | {{tip|1=To test the signing, upload the installer to dropbox and then download it again. Then double-click to open. When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown.}} | ||
Revision as of 15:47, 20 September 2018
| This page is about codesigning on windows for release builds.
|
The Dongle
If you plan to codesign on windows, you will need a USB dongle (smart card reader) , so plan in advance to allow time for delivery.
- The dongle is both a card reader AND a USB key.
- Instructions for using it are in the USB key itself, strangely in the directory marked 'bin'
|
When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent. |
Activating the Cert
You will need the latest Java with all security patches.
- If you have not used jave ever, or not for a while, you will almost certainly need to update it.
- Update it before you try to activate, as without that it is confusing as to why the process has stalled.
Documentation
You will need to scan
- A page from you passport
- A recent utility bill or credit card statement
Signing the Installer
This is how signing used to work....
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
The new way, using the dongle and setting a timestamp:
signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
|
|
To test the signing, upload the installer to dropbox and then download it again. Then double-click to open. When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown. |
