Hi all.
I try to automate code-signing. How can I find out within Xojo (or plugin) if a file is code-signed or not?
If not signed, WIndows will told you at run time… IMHO
Are you building an installer?
InnoSetup has a flag called signonce where it will only sign a file if unsigned.
Yes, but I want to check if some build .exe files are already signed. If not, sign them.
If signiture is expired, resign with new certificate
I’ve got a ugly solution: Read the .exe and search for Strings like “sectigo.com” or “CodeSigning”, but that does not tell me anything about the certificate at all.
I ask because most Windows software comes in an installer. Many Xojo developers I know (and myself included) use InnoSetup to build installers., We use InnoSetup’s ability to codesign to automate code signing at the packing step, not the Xojo step.
I use Innosetup, too.
Ahhh, got it. Thanks!
For someone searching for the exact data and expire dates:
signtool verify /pa /v {programname.exe}