Authenticode signing with keys on smart cards




when you sign with SignTool and your private key is in a .pfx file,
you can specify the passphrase in the command line, with /p option.
This doesn't seem to work when your private key is in a smart card
and you need to specify the PIN. Is there any way to specify the smart
card PIN in the SignTool command line? Or, is there any other tool
that can produce Authenticode signatures with smart card-based keys
that would accept PINs in the command line?

Motivation: When you want to have an automatic software signing
system, the obvious security recommendation is to keep your
private keys on smart cards (or in HW crypto modules).
On the other hand, the ability to specify PIN/passphrase in the
command line is a natural requirement of the automatic signing.
Then it would be natural to support that functionality in the signing
tools that support keys on smart cards.


Bill Sanderson

This forum deals with signatures/definitions for spyware as used by Windows
Defender. I'm afraid we are not likely to know this answer.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question