New method of Code Signing with K Software

Hi

I have used K Software for a while now and usually dread the renewal date because it never goes smoothly.

This time, it’s particularly bad. Firstly, the cost has gone from $87 to $313 per annum, which is gobsmacking, and they’ve also changed their method of signing to using a USB stick. The $313 USB stick arrives in a simple white envelope without my name, their company details or any instructions whatsoever on how to use it.

I have searched their website for help but it’s all very poor instructions and out of date as the USB isn’t mentioned anywhere (as far as I could see).

Their support is next to useless as they take weeks to reply (if at all) and usually their support isn’t very helpful. I’m currently waiting for my first response on this after I’ve sent 3 emails over the past week.

Okay, rant over.

Has anyone used this method successfully? If so, would you have a link or something to help me understand what to do?

On a lower priority, are there other options for me for code signing? Better support and less expensive?

Thanks very much

Chris

Isn’t there a certificate on the stick you can use with their k-software?

It won’t get less expensive, as the USB stick as token is now mandatory for codesigning on Windows…

What you’ve got there is called a USB Token.

Check this article:

1 Like

That may be a comprehensive guide. A comprehensible one would be useful.

No, nothing on the stick. The light comes on, flashes briefly, but doesn’t appear as a drive. I use Parallels, so that’s got me wondering is there an issue because of that.

I’m going to check it on my PC (if it can find the ON button :slight_smile:) just to be sure…

Thanks very much Greg!

I’ll take a look

Thanks again Greg. I presume you have used the USB Token yourself? From what I read on your link and from Thomas’s question, I expect I should see the USB Token as a USB drive and the PFX files is something? Nothing is appearing either on the VM or a standard PC. The light on the Token remains on, which I expect is wrong? Does it sound like the Token is faulty?

Thanks again for your insight

Actually, I see now I actually need SafeNet for it to work.

Right. The token is a physical device which actually does the signing. We had them here for a while but moved to the Azure cloud HSM about a year ago.

Chris, I’ll respond back tomorrow when I get to the computer. I recently renewed with kSoftware too, so I went through this whole process. It’s… complicated, at least to get started and to understand how to use the new process. I made myself some notes, which I’ll share with you tomorrow. I had to chat with them as I also received no email back from them and their knowledge base is less than helpful

After I got it working, it is actually a bit easier to use now as you won’t have to use their kSign tool. You’ll use the command prompt going forward but will also need that SafeNet app

Thanks very much Ryan. I’d really appreciate the help.

Hi Chris.

Create your installer file. I use Inno Setup, but use whatever you are familiar with

Here are the steps to sign the installer file:

  1. Download SafeNet here: How to download SafeNet Authentication Client
  2. Plug in the flash drive with the token you received from kSoftware
  3. Open the SafeNet Authentication Client Tools app
  4. Change the password in SafeNet. You will first need to enter the email you received from kSoftware via email and then change it to something easy for you to remember
  5. With the token still inserted and SafeNet still open, open the command prompt (type in cmd in the search)
  6. Enter the following and hit Enter to launch sign tool: cd C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86
  7. Enter the following to sign the file. Note. You will replace the XXXX with your company name registered at kSoftware for the certificate, and you will replace the YYYY with the full path to your installer package file. For both, be sure to include the quotes as below:
    signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "XXXX" "YYYY"

For example, my full line in command prompt is:
signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Visual Veggies Software" "C:\Users\ryan_m121u5o\Desktop\installers\DEMO\Visual Veggies Study Suite DEMO.exe"

  8. You will be prompted for your password. Enter the password you just changed for the token

Hope this helps!

5 Likes

Ryan thanks very much! It all looks very clear. I will try this this evening and hopefully all will go well.

Good luck with it. As you see by my notes, it looks complicated, and it is until you get a process down for yourself.

Tip from my experience: Add the notes to a Notepad file and replace the step 7 with your full signtool command prompt to your apps. Step 6 should always be the same for all apps. When you go in to sign new apps/updates, you can refer to the Notepad file and copy/paste the command prompts. My example is for my demo app, but I have separate entries for my other 6 apps all in the same notepad file. It’s a smoother process as I now just copy/paste

As I am again faced with renewing my certificate (dealing with Sectigo has traditionally been less fun than root canal), I too am following this with interest. :slight_smile:

Ryan thanks very much for your steps. I don’t know how long I would have been going around in circles and down rabbit holes without your guidance. :slight_smile:

I just have two points on your steps that differed for me and may help Jerry:

In step 4, I wasn’t asked for a password
And Step 6, the location of my signtool was different, so my step was:
cd C:\Program files (x86)\kSign

Other than that, it was flawless for me. Thanks again Ryan!

Chris

(Edit) Incidentally, for those of you who might be unaware, I typed Steps 6 & 7 into NotePad and when I was Saving the file, I saved it as ‘Sign Setup.bat’ (The .bat is the important bit). This creates a Batch file which will automatically launch CMD, run the contents and close again, saving the copying and pasting.

1 Like
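
The batch file described above, as an added example that is not part of any post in this thread: it runs steps 6 and 7 and then checks the result with `signtool verify` before the installer is shipped. The signtool path is the one from step 6, `XXXX` is the same placeholder for the company name on the certificate, and the installer path is taken from the first argument (for example by dropping the installer onto the .bat file); all three are assumptions to adjust.

```batch
@echo off
rem Added example (not from the thread): sign one installer with the
rem certificate held on the USB token, then verify the signature.
rem No password is stored here; SafeNet prompts for the token password.
setlocal

rem Assumption: signtool location from step 6; adjust to your own install.
set "SIGNTOOL=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe"
rem Placeholder: company name registered for the certificate (step 7).
set "CERT_NAME=XXXX"
set "TIMESTAMP_URL=http://timestamp.sectigo.com"
rem Installer path comes from the first argument (drag and drop works).
set "INSTALLER=%~1"

if "%INSTALLER%"=="" goto usage
if not exist "%SIGNTOOL%" goto no_signtool
if not exist "%INSTALLER%" goto no_installer

"%SIGNTOOL%" sign /tr "%TIMESTAMP_URL%" /td sha256 /fd sha256 /n "%CERT_NAME%" "%INSTALLER%"
if errorlevel 1 goto failed

rem /pa applies the default Authenticode policy; /v prints signer and timestamp.
"%SIGNTOOL%" verify /pa /v "%INSTALLER%"
if errorlevel 1 goto failed

echo Signed and verified: "%INSTALLER%"
pause
exit /b 0

:usage
echo Usage: %~nx0 "C:\full\path\to\installer.exe"
goto stop
:no_signtool
echo signtool.exe not found at "%SIGNTOOL%"
goto stop
:no_installer
echo Installer not found: "%INSTALLER%"
goto stop
:failed
echo Signing or verification failed; do not ship "%INSTALLER%"
:stop
pause
exit /b 1
```

The `pause` lines keep the window open when the file is launched by double-click, so a failed signature or a missing timestamp is seen rather than lost when CMD closes.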

Excellent! Happy to help!

Yes, I had a feeling yours would be in a different location. Should’ve mentioned that but happy you found the right path

Great tip! I will be making use of this one too :slight_smile:

Chris, did you actually get K Software to respond to you? I had used them for about 7 years and my certificate was up for renewal late last year. I must have emailed them 10-12 times with no response. I tried calling the listed number, and same thing, no answer. I ended up going directly through Sectigo, and that is a bit daunting, but finally got it all worked out. Were you able to get hold of K Software?

Hi Merv.

Not from K Software. They seem to ignore their support emails but were quite helpful when I rang them.

I had purchased my token from K Software through Sectigo (support@sectigo.com) who did respond… eventually. I received an email with some instructions, but it was several days after Ryan’s solution as well as many emails from me to them.

OK, thanks. I wish they had replied back to me in December, I really enjoyed using them over the years. Not sure what I will do in 3 years when it expires again. Thanks for the reply.