EV Code Signing
- Version: 5.21.0
- Target: Windows x64
Unless I’ve missed something, the current settings with CSC_LINK and CSC_KEY_PASSWORD don’t satisfy the EV Code Signing requirements. DigiCert uses this as an example:
signtool sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /n "subject name" "C:\path\to\fileToSign.exe"
Where subject name is the Issued To column in the Personal > Certificates list.
Here are the full instructions: https://www.digicert.com/code-signing/ev-authenticode-certificates.htm
Do I need to go in and change the code that builds the signtool line or is there something already in electron-builder to handle this?
I do see CSC_NAME but it says it’s macOS only.
Issue Analytics
- State:
- Created 7 years ago
- Comments:7 (2 by maintainers)
Top GitHub Comments
I just coded up a solution that worked for me (note: assumes your cert is in the store, subjectName is set in build.win). This is a quick proof of concept. Further work is needed for error checking etc.
Modify:
node_modules\electron-builder\out\windowsCodeSign.js file starting Line 42ish in function spawnSign():
Change:
To:
Also, a little further down (same function): Change
if (options.password) { ...
To
if (!options.subjectName && options.password) { ...
node_modules\electron-builder\out\winPackager.js file starting Line 102ish in function sign(), add the subjectName option:
And finally, add subjectName to your package.json:
Note for this proof of concept, a dummy certificateFile must be specified to kickstart codesign (the file doesn’t have to exist).
I actually prefer this way (of using /n) as no passwords are needed etc. if the cert is in the store already.
Duplicates #590
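The choice discussed in this thread, between selecting a certificate from the Windows store with /n and signing from a file with a password, as an added example that is neither electron-builder's code nor the commenter's patch. The function name buildSignToolArgs and the path option are hypothetical, and the /f and /p branch is standard signtool usage that the page does not show.

```javascript
// Hypothetical helper for illustration; not part of electron-builder.
const TIMESTAMP_URL = "http://timestamp.digicert.com"; // from the DigiCert example

function buildSignToolArgs(options) {
  const { path, subjectName, certificateFile, password } = options;
  if (!path) {
    throw new Error("path of the file to sign is required");
  }
  if (!subjectName && !certificateFile) {
    throw new Error("set either subjectName (certificate store) or certificateFile (PFX)");
  }

  // Timestamp and digest settings taken from the DigiCert command line.
  const args = ["sign", "/tr", TIMESTAMP_URL, "/td", "sha256", "/fd", "sha256"];

  if (subjectName) {
    // EV case: the private key stays on the hardware token and the certificate
    // is in the Windows store, so it is selected by its "Issued To" name.
    // No certificate file and no password are placed on the command line.
    args.push("/n", subjectName);
  } else {
    // File-based case: sign from a PFX, adding /p only when a password is set.
    args.push("/f", certificateFile);
    if (password) {
      args.push("/p", password);
    }
  }

  // The file to sign goes last. Handing this array to
  // child_process.execFile("signtool", args) avoids shell quoting problems
  // with subject names that contain spaces.
  args.push(path);
  return args;
}

// Constructed sample input: subjectName wins even if a password is present.
const evArgs = buildSignToolArgs({
  path: "C:\\path\\to\\fileToSign.exe",
  subjectName: "Example Corp",
  password: "ignored-when-subjectName-is-set",
});
console.log(evArgs.join(" "));
```
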