A
Al_spectrum
Hello,
when you sign with SignTool and your private key is in a .pfx file,
you can specify the passphrase in the command line, with /p option.
This doesn't seem to work when your private key is in a smart card
and you need to specify the PIN. Is there any way to specify the smart
card PIN in the SignTool command line? Or, is there any other tool
that can produce Authenticode signatures with smart card-based keys
that would accept PINs in the command line?
Motivation: When you want to have an automatic software signing
system, the obvious security recommendation is to keep your
private keys on smart cards (or in HW crypto modules).
On the other hand, the ability to specify PIN/passphrase in the
command line is a natural requirement of the automatic signing.
Then it would be natural to support that functionality in the signing
tools that support keys on smart cards.
Thanks.
when you sign with SignTool and your private key is in a .pfx file,
you can specify the passphrase in the command line, with /p option.
This doesn't seem to work when your private key is in a smart card
and you need to specify the PIN. Is there any way to specify the smart
card PIN in the SignTool command line? Or, is there any other tool
that can produce Authenticode signatures with smart card-based keys
that would accept PINs in the command line?
Motivation: When you want to have an automatic software signing
system, the obvious security recommendation is to keep your
private keys on smart cards (or in HW crypto modules).
On the other hand, the ability to specify PIN/passphrase in the
command line is a natural requirement of the automatic signing.
Then it would be natural to support that functionality in the signing
tools that support keys on smart cards.
Thanks.