SignFile Task

 

For the latest documentation on Visual Studio 2017 RC, see Visual Studio 2017 RC Documentation.

Signs the specified file using the specified certificate.

The following table describes the parameters of the SignFile task.

Note that SHA-256 certificates are allowed only on machines that have .NET 4.5 and higher.

System_CAPS_ICON_warning.jpg Warning

Starting in Visual Studio 2013 Update 3, this task has a new signature that allows you to specify the target framework version for the file. You are encouraged to use the new signature wherever possible, because the MSBuild process uses SHA-256 hashes only when the target framework is .NET 4.5 or higher. If the target framework is .NET 4.0 or below, the SHA-256 hash will not be used.

ParameterDescription
CertificateThumbprintRequired String parameter.

Specifies the certificate to use for signing. This certificate must be in the current user's personal store.
SigningTargetRequired ITaskItem parameter.

Specifies the files to sign with the certificate.
TimestampUrlOptional String parameter.

Specifies the URL of a time stamping server.
TargetFrameworkVersionThe version of the .NET Framework that is used for the target.

In addition to the parameters listed above, this task inherits parameters from the Task class. For a list of these additional parameters and their descriptions, see Task Base Class.

The following example uses the SignFile task to sign the files specified in the FilesToSign item collection with the certificate specified by the Certificate property.

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">  
    <ItemGroup>  
        <FileToSign Include="File.exe" />  
    </ItemGroup>  
    <PropertyGroup>  
        <Certificate>Cert.cer</Certificate>  
    </PropertyGroup>  
    <Target Name="Sign">  
        <SignFile  
            CertificateThumbprint="$(CertificateThumbprint)"  
            SigningTarget="@(FileToSign)"   
            TargetFrameworkVersion="v4.5" />  
    </Target>  
</Project>  

System_CAPS_ICON_note.jpg Note

The certificate thumbprint is the SHA-1 hash of the certificate. For more information, see Obtain the SHA-1 Hash of a Trusted Root CA Certificate.

The following example uses the Exec task to sign the files specified in the FilesToSign item collection with the certificate specified by the Certificate property. You can use this to sign Windows Installer files during the build process.

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">  
    <ItemGroup>  
        <FileToSign Include="File.msi" />  
    </ItemGroup>  
    <PropertyGroup>  
        <Certificate>Cert.cer</Certificate>  
    </PropertyGroup>  
    <Target Name="Sign">  
        <Exec Command="signtool.exe sign /f CertFile /p Password "@(FileToSign)" "/>  
        <SignFile  
            CertificateThumbprint="$(CertificateThumbprint)"  
            SigningTarget="@(FileToSign)"   
            TargetFrameworkVersion="v4.0" />  
    </Target>  
</Project>  

Task Reference
Tasks

Show: