Last Updated on September 29, 2024 by Michael Morten Sonne
Introduction
In today’s fast-paced digital world, ensuring the security and integrity of software applications is paramount. Digital signatures play a crucial role in this by providing a means to verify the authenticity of software, preventing tampering, and instilling trust among users. While Microsoft’s signtool.exe is a powerful utility for code signing, its command-line interface can be daunting for many.
That’s why I’m excited to introduce a new tool that adds a user-friendly Graphical User Interface (GUI) to simplify the process of digitally signing files 😉👏
Why add a GUI to Microsoft’s signtool?
Microsoft’s signtool.exe is a versatile and essential tool for code signing, but its command-line nature can be a barrier to entry for some, especially those who are less comfortable with terminal commands.
Adding a GUI to signtool.exe transforms it into an accessible and intuitive application. This GUI-based tool aims to eliminate the steep learning curve associated with command-line operations, making the digital signing process straightforward and efficient for everyone, from novice developers to seasoned professionals.
See all of the tool's arguments here: SignTool.exe (Sign Tool) – .NET Framework | Microsoft Learn
Why is Code Signing important?
Code signing is a critical practice in software development. It ensures that the software has not been altered or corrupted since it was signed and assures users that the software comes from a trusted source. By verifying the authenticity and integrity of software, code signing helps protect against malware, tampering, and other security threats.
For developers and organizations, it is a vital step in building and maintaining user trust, as it assures users that the software they are installing is legitimate and secure.
Why have I created this tool internally first?
The journey to creating this tool began with my own experiences and the needs I encountered in my projects or internal use.
Initially, I developed this tool for internal use to streamline the code signing process for myself and my team. By using it internally first, I could refine its functionality, iron out any issues, and ensure it met real-world needs before making it publicly available. This internal testing phase allowed me to enhance the tool’s usability and feature set, ensuring it was robust and effective before sharing it with the wider developer community.
If you find bugs, let me know on GitHub! 😉
The tool
The tool includes a Windows API feature to check whether its own build is code-signed and to verify whether it is signed with my Code Sign certificate listed here. It has the following states:
- Signed build (by Michael Morten Sonne) – my builds will have this state
- Signed build – signed with another valid Code Sign certificate on your computer; this can be an internally trusted one
- Unsigned build – be sure it's safe; otherwise, do not use it!
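The same three states can be checked from PowerShell before running a downloaded build. This is an added example, not the tool's own code (the tool uses the Windows API); the function name, the sample file path and the thumbprint placeholder are assumptions, and the real thumbprint must come from the author's published certificate.

```powershell
# Added example: classify a build into the three states described above.
# -ExpectedThumbprint is a placeholder; use the publisher's published thumbprint.
function Get-BuildSignatureState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Anything other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) is
    # reported as unsigned: the file has no signature, was modified after
    # signing, or chains to a certificate this machine does not trust.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            State  = 'Unsigned build'
            Status = $sig.Status
            Signer = $null
        }
    }

    # Normalise a thumbprint copied from a web page (spaces, letter case).
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    $actual   = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()

    if ($actual -eq $expected) {
        $state = 'Signed build (expected publisher)'
    } else {
        $state = 'Signed build (other trusted certificate)'
    }

    [pscustomobject]@{
        State  = $state
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
    }
}

# Hypothetical file name and placeholder thumbprint.
Get-BuildSignatureState -Path '.\SignToolGUI.exe' -ExpectedThumbprint '<PUBLISHER-THUMBPRINT>'
```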
Supported signing methods
The tool itself is almost self-explanatory. You have the option to code sign via a .pfx certificate (with a password for the private key), or through certificates in the Windows Certificate Store (Current User and Local Machine) where a private key exists (of course, you need the appropriate permissions to use the private key).
(More features to come over time…) 🙈
And finally, the support for Microsoft’s new Trusted Signing feature! 👏
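For reference, the signing methods above map onto signtool.exe options roughly as shown here. This is an added example, not code from the SignToolGUI project; the function name, parameter names, file paths and the default timestamp URL are assumptions, while the signtool options themselves (/f, /p, /sha1, /sm, /dlib, /dmdf, /fd, /tr, /td) are documented by Microsoft.

```powershell
# Added example: one wrapper for the three signing methods, followed by verification.
function Invoke-CodeSign {
    param(
        [Parameter(Mandatory)] [string] $File,
        [Parameter(Mandatory)] [ValidateSet('Pfx', 'Store', 'TrustedSigning')] [string] $Method,
        [string] $PfxPath,           # .pfx file containing certificate and private key
        [string] $Thumbprint,        # SHA-1 thumbprint of a certificate in the "My" store
        [switch] $MachineStore,      # use Local Machine instead of Current User
        [string] $DlibPath,          # Trusted Signing dlib (Azure.CodeSigning.Dlib.dll)
        [string] $MetadataPath,      # Trusted Signing metadata JSON file
        [string] $SignTool = 'signtool.exe',
        [string] $TimestampUrl = 'http://timestamp.digicert.com'  # assumed RFC 3161 server
    )

    $methodArgs = switch ($Method) {
        'Pfx' {
            # Prompt for the password rather than storing it in a script.
            # Note: /p still places it on the signtool command line.
            $secure = Read-Host -Prompt 'PFX password' -AsSecureString
            $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
            '/f', $PfxPath, '/p', $plain
        }
        'Store' {
            '/sha1', $Thumbprint
            if ($MachineStore) { '/sm' }
        }
        'TrustedSigning' {
            '/dlib', $DlibPath, '/dmdf', $MetadataPath
        }
    }

    # SHA-256 file digest plus an RFC 3161 timestamp, so the signature
    # remains verifiable after the signing certificate expires.
    & $SignTool sign @methodArgs /fd SHA256 /tr $TimestampUrl /td SHA256 /v $File
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

    # /pa verifies against the default Authenticode policy.
    & $SignTool verify /pa /v $File
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
}

# Hypothetical usage with a placeholder thumbprint:
# Invoke-CodeSign -File '.\MyApp.exe' -Method Store -Thumbprint '<CERT-THUMBPRINT>'
```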
Certificate information
If you select either the .pfx file method (with a password) or the Windows Certificate Store method, you have the option to view the certificate details in the Certificate Information box and show the full information via the Show all data in pop-up button.
Signtool
The tool includes a built-in version of Microsoft’s signtool.exe (currently v. 10.0.22621.3233), which supports and has been tested with all the features available in the tool. This ensures compatibility and reliability for all signing operations.
Additionally, there are specific requirements for Trusted Signing to work correctly. These requirements must be met to utilize this feature effectively, ensuring secure and authenticated code signing through Microsoft’s Trusted Signing service 😊
The files used for this are located in the application's .\Tools folder.
If needed, you can also show all of the signtool output via the Show all output option over the log output.
Features
This tool is packed with features designed to simplify and enhance the code signing process:
- Intuitive user interface: SignToolGUI offers a user-friendly interface, simplifying the digital signing process without the need for complex command-line inputs. Easily navigate through signing tasks with a straightforward design.
- Support for various certificates: Utilize .pfx certificates, certificates from the Windows Certificate Store, and the Microsoft Trusted Signing service. Manage and select certificates directly within the tool, with the flexibility to add more options in the future.
- File selection and management: Effortlessly sign various file types such as executables, drivers, DLLs, and more. Add entire folders or select specific files for signing via a simple file explorer interface. Drag-and-drop functionality enhances convenience, and only marked files in the list will be signed, providing full control over the process.
- Batch Signing Support: Streamline your workflow by signing multiple files in batch mode. This feature significantly reduces the time and effort needed for signing large projects or collections of files.
- Logging and error handling: Access detailed logs of the signing process to track and troubleshoot any issues that may arise, ensuring a smooth and reliable signing experience (more to come…)
- Streamlined workflow: Simplify the signing process to reduce the time and effort required, making it easier to secure your applications efficiently.
- and more to come…
The code
In Visual Studio, I have structured the SignToolGUI project to ensure clarity and maintainability. Here’s a detailed breakdown of the project’s organization and its various components:
Code Metrics
The project also includes code metrics to ensure quality and maintainability. As of today, the overview looks like this:
- Maintainability Index: Provides a measure of how easy it is to maintain the code.
- Cyclomatic Complexity: Indicates the complexity of the code based on the number of decision points.
- Depth of Inheritance: Measures the number of classes that inherit from one another.
- Class Coupling: Indicates how interdependent classes are within the project.
- Lines of Source Code: Provides the count of actual lines of code excluding comments and whitespace.
- Lines of Executable Code: Provides the count of lines that are executable.
Project Structure
- Solution Items
- References: Libraries and dependencies required for the project.
- SignToolGUI: Main project directory containing all source code and resources.
Directories and key files
- Forms:
  - Contains all the Windows Forms classes which define the GUI of the application.
  - MainForm.cs:
    - This is the primary form of the application where the main functionalities are implemented.
    - Key functionalities:
      - Form actions
      - Sign options GUI
      - Sign files GUI
      - Certificate info
  - AboutForm.cs: Form that displays information about the application.
  - ChangeLogForm.cs: Form that shows the changelog of the application.
- Tools:
  - Utility classes and helper functions.
  - Supported signtool.exe and files for Trusted Signing
- Global.cs: Contains global variables and constants.
- HighDpi.cs: Manages high DPI settings to ensure the application looks good on all displays.
- NativeMethods.cs: Contains P/Invoke signatures for native Windows API calls.
- Signer.cs: Core logic for handling the signing process.
- SignerThumbprint.cs: Manages certificate thumbprint operations.
- SignTool.cs: Interface with the signtool.exe.
- StringCipher.cs: Handles string encryption and decryption for secure data storage.
- SignFile.cs: Manages individual file signing operations.
- SignTrustedSigning.cs: Integrates with Microsoft’s Azure Trusted Signing service.
- Properties:
  - Contains configuration files for the project.
- app.config: Configuration settings for the application.
- CertificateIcon.ico: Icon file used for representing certificates in the GUI.
- Program.cs:
  - Entry point for the application.
  - Initializes and starts the main form.
Your support
Developing and maintaining tools like this requires time and effort. Your support can help keep this project alive and thriving. If you find this tool useful and would like to support my work, you can do so via Buy Me a Coffee or via the link on GitHub.
Your contributions will also help with further development and enhancements! 👏
You can also do it from here and read more about why: Why donate? – Blog – Sonne´s Cloud (sonnes.cloud) 👏❤️
GitHub
I’m excited to share this tool with the Community. You can find the public project on my GitHub, where you can download the tool, access the source code, and contribute to its ongoing development if you like! 😊
Check out the GitHub repository here: michaelmsonne/SignToolGUI (github.com)
The “old” private repository is now an “archive”. As you can see, the tool is somewhat old and has accumulated numerous commits over time:
Conclusion
In a world where digital security is more critical than ever, having the right tools can make all the difference. This GUI tool for Microsoft’s signtool.exe is designed to make the process of code signing accessible, efficient, and effective for all developers. By simplifying digital signatures, we can help ensure that software remains secure and trustworthy. I invite you to explore this tool, contribute to its development, and join me in enhancing digital security for everyone.
Stay tuned for more updates and features. Together, let’s elevate our digital security practices!
Thank you for taking the time to visit my blog. Kindly share it with others if you find it helpful for them! 😉🔐👍
Remember, you can always support me, my development of tools, and my content creation via Why donate? – Blog – Sonne´s Cloud (sonnes.cloud)
Stay tuned for the new post about something cool! 🥳