Option | Description |
|---|
-$ authority | Specifies the signing authority of the certificate, which must be either individual or commercial. By default, Signcode.exe uses the certificate's highest permission. |
-a algorithm | Specifies the hashing algorithm for signing, which must be either md5 (the default) or sha1. |
-c file | Specifies the file that contains the encoded software publishing certificate. |
-cn name | Specifies the common name of the certificate. |
-i info | Specifies a place to get more information on content (usually a URL). |
-j dllName | Specifies the name of a DLL that returns an array of authenticated attributes for signing files. You can specify more than one DLL by repeating the -j option. |
-jp param | Specifies a parameter to be passed for the preceding DLL. For example: -j dll1 -jp dll1Param. The tool allows only one parameter per DLL. |
-k keyname | Specifies the key container name. |
-ky keytype | Specifies the key type, which must be signature, exchange, or an integer (such as 4). |
-n name | Specifies a text name that represents the content of the file to sign. |
-p provider | Specifies the name of the cryptographic provider on the system. |
-r location | Specifies the location of the certificate store in the registry, which must be either currentuser (the default) or localmachine. |
-s store | Specifies the certificate store that contains the signing certificate. The default is my store. |
-sha1 thumbprint | Specifies the thumbprint, which is the sha1 hash of the signing certificate included in the certificate store. |
-sp policy | Sets the certificate store policy, which must be either spcStore (the default) or chain. If you specify chain, all certificates in the verification chain, including self-signed certificates, are added to the signature. If you specify spcStore, trusted, self-signed certificates are not included with the certificates in the chain that are added to the signature. |
-spc file | Specifies the SPC file that contains software publishing certificates. |
-t URL | Indicates that the file is to be timestamped by the timestamp server at the specified http address. |
-tr number | Specifies the maximum number of timestamp trials until success; defaults to 1. |
-tw number | Specifies the delay (in number of seconds) between each timestamp trial. Defaults to 0. |
-v pvkFile | Specifies the private key (.pvk) file name that contains the private key. |
-x | Timestamps, but does not sign, the file. |
-y type | Specifies the cryptographic provider type to use. A cryptographic provider contains implementations of cryptographic standards and algorithms. For a list of the default provider types, see "Microsoft Cryptographic Service Providers" in the Platform SDK. |
-? | Displays command syntax and options for the tool. |