Code Signing Setup

Apr 5, 2026

Overview

OneSigner supports Windows Authenticode code signing for executables, DLLs, MSI installers, and other PE files.

Supported File Types

  • .exe — Windows executables
  • .dll — Dynamic link libraries
  • .msi — Windows Installer packages
  • .cab — Cabinet files
  • .sys — System drivers
  • .appx — UWP app packages

Setup Steps

1. Code Signing Certificate

You need an EV (Extended Validation) or Standard code signing certificate on a USB hardware token. Supported providers:

  • DigiCert, Sectigo, GlobalSign
  • SafeNet eToken (most common for EV code signing)

2. Create Code Signing Profile

  1. Open hAutoSignerConfig.exe → Signing Engine tab
  2. Add a new profile, select Profile Type: codesign
  3. Configure:
    • Certificate Thumbprint: SHA1 thumbprint of your code signing cert
    • Token PIN: PIN for automated signing
    • Timestamp URL: http://timestamp.digicert.com
    • File Extensions: .exe,.dll,.msi
    • Source Folder: Where to watch for unsigned binaries
    • Destination Folder: Where signed binaries are saved

3. Signing Methods (Priority Order)

OneSigner tries these methods automatically:

  1. In-process Win32 API: Direct signing via SignerSignEx2 (fastest)
  2. ScSignTool (MGTEK): Third-party tool with PIN support
  3. signtool.exe: Windows SDK tool (may prompt for PIN)

4. Verify

Right-click the signed file → Properties → Digital Signatures tab. You should see your certificate listed with a valid signature.
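
To check a whole destination folder instead of one file at a time, the same verification can be scripted with PowerShell's built-in Get-AuthenticodeSignature cmdlet. This is an added example, not part of OneSigner: the folder path and thumbprint are placeholders for your profile's values, and Test-SignedFile is a helper name chosen here.

```powershell
# Added example (not OneSigner code): batch-verify signed output against the profile settings.
param(
    [string]$DestinationFolder = 'C:\Signed',                  # placeholder: profile's Destination Folder
    [string]$ExpectedThumbprint = '<SHA1-THUMBPRINT-PLACEHOLDER>', # placeholder: profile's Certificate Thumbprint
    [string[]]$Extensions = @('.exe', '.dll', '.msi')          # same list as the profile's File Extensions
)

function Test-SignedFile {
    param([string]$Path, [string]$Thumbprint)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    # Status is 'Valid' only when the file hash matches and the chain is trusted;
    # other values include NotSigned, HashMismatch and NotTrusted.
    if ($sig.Status -ne 'Valid') { $problems += "status=$($sig.Status)" }

    # A valid signature from some other trusted certificate is still the wrong result:
    # compare the signer against the thumbprint configured in the profile.
    $wanted = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    if (-not $sig.SignerCertificate) {
        $problems += 'no signer certificate'
    } elseif ($sig.SignerCertificate.Thumbprint -ne $wanted) {
        $problems += "unexpected signer $($sig.SignerCertificate.Thumbprint)"
    }

    # Without a timestamp countersignature the signature stops validating
    # once the signing certificate expires.
    if (-not $sig.TimeStamperCertificate) { $problems += 'no timestamp' }

    [pscustomobject]@{
        File     = $Path
        Ok       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

if (-not (Test-Path -LiteralPath $DestinationFolder)) {
    throw "Folder not found: $DestinationFolder"
}

$results = Get-ChildItem -LiteralPath $DestinationFolder -File -Recurse |
    Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object { Test-SignedFile -Path $_.FullName -Thumbprint $ExpectedThumbprint }

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a build pipeline fail when any file is unsigned or mis-signed.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

A file that reports `no timestamp` was signed but not countersigned by the timestamp server, which usually means the Timestamp URL was unreachable at signing time.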