SignFile Task
Signs the specified file using the specified certificate.
Parameters
The following table describes the parameters of the SignFile task.
Parameter |
Description |
|---|---|
CertificateThumbprint |
Required String parameter. Specifies the certificate to use for signing. This certificate must be in the current user's personal store. |
SigningTarget |
Required ITaskItem parameter. Specifies the files to sign with the certificate. |
TimestampUrl |
Optional String parameter. Specifies the URL of a time stamping server. |
Remarks
In addition to the parameters listed above, this task inherits parameters from the Task class. For a list of these additional parameters and their descriptions, see Task Base Class.
Example
The following example uses the SignFile task to sign the files specified in the FilesToSign item collection with the certificate specified by the Certificate property.
<Project xmlns="https://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<FileToSign Include="File.exe" />
</ItemGroup>
<PropertyGroup>
<Certificate>Cert.cer</Certificate>
</PropertyGroup>
<Target Name="Sign">
<SignFile
CertificateThumbprint="$(CertificateThumbprint)"
SigningTarget="@(FileToSign)" />
</Target>
</Project>
Note
The certificate thumbprint is the SHA1 hash of the certificate. For more information, see Obtain the SHA-1 Hash of a Trusted Root CA Certificate.
The following example uses the Exec task to sign the files specified in the FilesToSign item collection with the certificate specified by the Certificate property. You can use this to sign Windows Installer files during the build process.
<Project xmlns="https://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<FileToSign Include="File.msi" />
</ItemGroup>
<PropertyGroup>
<Certificate>Cert.cer</Certificate>
</PropertyGroup>
<Target Name="Sign">
<Exec Command="signtool.exe sign /f CertFile /p Password "@(FileToSign)" "/>
</Target>
</Project>