Digicert Codesigning Certificate - Etoken 5110+ FIPS - Jsign automated signing #200
Replies: 1 comment
-
Thanks, don't forget to star the project if you like it ;)
Do you really plug that many tokens on a single machine? How do you do that? Note that at this scale using an HSM such as a Nitrokey HSM (up to 55 RSA keys stored) is probably a better strategy, or using a cloud signing service.
Do you mean that you would like to select the key by the common name of its certificate instead of its alias on the token?
Note that the There are 3 cases:
|
Beta Was this translation helpful? Give feedback.
-
Hello,
thank you for your precious tool that replaces ToolSign.exe.
Our goal was to automate signing from CLI or from application shells for adding a signature to multiple .exe files.
We plan to use several Digicert Tokens.
Using other tools there is the need of inserting the password for every sign, or at least on every session disabling some options in the SafeNet Authentication Client.
But just think if you plan to use 100 Tokens what happens in case of a reboot after windows mandatory updates. 100 authentications ? No way !!
We immediately focused on jsign, but the proposed syntax on how to use a Signing with a SafeNet eToken could be improved as follows:
jsign --storetype ETOKEN --storepass XXXXXX --alias "YOUR COMMON NAME" testcli.exe
the proposed syntax was:
jsign --storetype ETOKEN --storepass --certfile full-chain.pem application.exe
in this case you don't have to struggle with .pem files, also because Digicert asserts that that feature is deprecated.
"Actually with this option the jsign output: jsign: certfile option can only be specified
if the certificate from the keystore contains only one entry"
Hope to solve some headaches to someone who got my same issue.
Beta Was this translation helpful? Give feedback.
All reactions