# How to Sign an .exe File in Windows

### Prerequisites

Before you begin, ensure you have the following:

1. **Code Signing Certificate**: Obtain a code signing certificate from a trusted Certificate Authority (CA) such as **DigiCert**, **Comodo**, or **GlobalSign**.
2. **SignTool**: This tool is part of the [**Windows SDK**](https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/). If you don't have it installed, you can download the Windows SDK from the Microsoft website.

### Step-by-Step Guide

#### Step 1: Install the Windows SDK

1. Download the Windows SDK from the **Microsoft website**: [Installer](https://go.microsoft.com/fwlink/?linkid=2272610) or [ISO](https://go.microsoft.com/fwlink/?linkid=2272523).
2. Run the installer and follow the on-screen instructions.
3. Ensure you include the "*Windows SDK Signing Tools for Desktop Apps*" during installation.

#### Step 2: Obtain a Code Signing Certificate

1. Purchase a code signing certificate from a trusted CA.
2. Follow the instructions provided by the CA to download and install your certificate. Typically, this involves generating a Certificate Signing Request (CSR) and submitting it to the CA.

#### Step 3: Locate SignTool

After installing the Windows SDK, locate `SignTool.exe`. It is usually found in:

```
C:\Program Files (x86)\Windows Kits\10\bin\<version>\x64\SignTool.exe
```

#### Step 4: Sign the .exe File

Open Command Prompt as an administrator and navigate to the directory containing `SignTool.exe` and your `.exe` file. Use the following command to sign your file:

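```batch
signtool sign /a /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /v path\to\yourfile.exe
```

* [x] `/a`: Automatically selects the best signing certificate.
* [x] `/fd SHA256`: Specifies the file digest algorithm used for the signature. Recent versions of SignTool require this option and fail without it.
* [x] `/tr`: Specifies the RFC 3161 timestamp server URL. This is crucial as it ensures the signature remains valid even after the certificate expires.
* [x] `/td SHA256`: Specifies the digest algorithm requested from the timestamp server. It must come after `/tr`.
* [x] `/v`: Enables verbose output, showing detailed information about the signing process.
* [x] `path\to\yourfile.exe`: Replace with the actual path to your `.exe` file.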

#### Step 5: Verify the Signature

To verify that your `.exe` file has been correctly signed, use the following command:

```batch
signtool verify /pa /v path\to\yourfile.exe
```

* [x] `/pa`: Specifies that the Default Authenticode Verification Policy should be used.
* [x] `/v`: Enables verbose output.

If the signing process was successful, you should see a message indicating that the signature is valid.
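Steps 3 to 5 can be combined into one script for a build pipeline. The following PowerShell is an added example, not part of the original guide. It assumes the default Windows Kits install path and the DigiCert timestamp URL used above, signs with `/fd SHA256` and an RFC 3161 timestamp (`/tr`, `/td SHA256`), and fails the build if the result is not both valid and timestamped:

```powershell
# Added example: locate the newest x64 signtool.exe, sign a file, then verify it.
# Assumptions: default Windows Kits path; certificate already in the user's store.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $TimestampUrl = 'http://timestamp.digicert.com'
)
$ErrorActionPreference = 'Stop'

# Step 3: pick the highest SDK version folder that contains x64\signtool.exe.
$kitBin = Join-Path ${env:ProgramFiles(x86)} 'Windows Kits\10\bin'
$signtool = Get-ChildItem -Path $kitBin -Directory |
    Where-Object { $_.Name -match '^\d+(\.\d+){3}$' } |
    Sort-Object { [version]$_.Name } -Descending |
    ForEach-Object { Join-Path $_.FullName 'x64\signtool.exe' } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $signtool) { throw "signtool.exe not found under $kitBin" }

# Step 4: sign. Exit code 0 = success, 1 = failure, 2 = completed with warnings;
# anything other than 0 is treated as a failure here.
& $signtool sign /a /fd SHA256 /tr $TimestampUrl /td SHA256 /v $Path
if ($LASTEXITCODE -ne 0) { throw "signtool sign exited with code $LASTEXITCODE" }

# Step 5: verify against the Default Authenticode Verification Policy.
& $signtool verify /pa /v $Path
if ($LASTEXITCODE -ne 0) { throw "signtool verify exited with code $LASTEXITCODE" }

# Independent check with the built-in cmdlet: the signature must be valid AND
# carry a timestamp, otherwise it stops validating when the certificate expires.
$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if (-not $sig.TimeStamperCertificate) {
    throw 'Signature is valid but has no timestamp countersignature.'
}

Write-Host "Signed by:      $($sig.SignerCertificate.Subject)"
Write-Host "Timestamped by: $($sig.TimeStamperCertificate.Subject)"
```

The timestamp check matters because a timestamp server that is unreachable can leave a file signed but not timestamped, which `signtool sign` reports only as a warning.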

### Conclusion

By following these steps, you can ensure that your `.exe` files are securely signed, providing assurance to your users about the authenticity and integrity of your software. Code signing not only helps in building user trust but also complies with various security policies and platform requirements.

