Difference between revisions of "Codesigning On Windows"

From Audacity Wiki
Jump to: navigation, search
(New page.)
 
(Updates.)
Line 1: Line 1:
 
{{intro|1=This page is about codesigning on windows for release builds.}}
 
{{intro|1=This page is about codesigning on windows for release builds.}}
 +
 +
==The Dongle==
 +
If you plan to codesign on windows, you will need a USB dongle (smart card reader) , so plan in advance to allow time for delivery.
 +
 +
* The dongle is both a card reader AND a USB key.
 +
* Instructions for using it are in the USB key itself, strangely in the directory marked 'bin'
 +
 +
{{tip|1=When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent. }}
 +
 +
===Activating the Cert===
 +
You will need the latest Java with all security patches.
 +
* If you have not used jave ever, or not for a while, you will almost certainly need to update it.
 +
* Update it before you try to activate, as without that it is confusing as to why the process has stalled.
 +
 +
===Documentation===
 +
You will need to scan
 +
* A page from you passport
 +
* A recent utility bill or credit card statement
 +
 +
===Signing the Installer===
 +
 +
This is how signing used to work....
 +
 +
<pre>
 +
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
 +
</pre>
 +
 +
The new way, using the dongle and setting a timestamp:
 +
 +
<pre>
 +
signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
 +
</pre>
 +
 +
{{tip|1=To test the signing, upload the installer to dropbox and then download it again.  Then double-click to open.  When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown.}}

Revision as of 15:47, 20 September 2018

This page is about codesigning on windows for release builds.

The Dongle

If you plan to codesign on windows, you will need a USB dongle (smart card reader) , so plan in advance to allow time for delivery.

  • The dongle is both a card reader AND a USB key.
  • Instructions for using it are in the USB key itself, strangely in the directory marked 'bin'
Bulb icon When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent.

Activating the Cert

You will need the latest Java with all security patches.

  • If you have not used jave ever, or not for a while, you will almost certainly need to update it.
  • Update it before you try to activate, as without that it is confusing as to why the process has stalled.

Documentation

You will need to scan

  • A page from you passport
  • A recent utility bill or credit card statement

Signing the Installer

This is how signing used to work....

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe

The new way, using the dongle and setting a timestamp:

signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
Bulb icon To test the signing, upload the installer to dropbox and then download it again. Then double-click to open. When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown.