Simple tool to sign all EXE and MSIX files in a folder.
This program is a Delphi FireMonkey project but only useful in Windows environment because it uses a Windows SDK utility.
This code repository contains a project developed in Object Pascal language under Delphi. You don't know what Delphi is and where to download it ? You'll learn more on this web site.
You can use it to sign your programs before distributing them or to resign them if you signed with an expired certificate without time stamping the signature.
To use this program you need the Microsoft Windows SDK on your Windows 10 or 11 computer. Locate signtool.exe on your computer to check if it's installed.
You need a code signing certificate (PFX file and its password or a token). If you don't have any, buy one from an authority like Sectigo, Digicert, Certum or other authority recognized by Microsoft for Authenticode and Windows Smart Screen system.
You can create a personnal certificate but you need to deploy private key on computers where you will use your signed programs to avoid Windows alerts. For public publishing, you need an official CSC. In the past I used tu buy my CSC on Tucows authors website and after KSoftware. Now I buy them to Certum (the cheapest on the market as far as I know on 2024-02-01, but with a token that doesn't currently work on Windows ARM).
Protect your certificate and its password : your reputation is on the line. The security of your users too !
Read more about signtool.exe on Microsoft documentation.
To find out more about replacing certificate files with physical tokens, see this explanation.
Launch the program. Fill the fields. Choose the folder from which exe/msix files you want to sign. Start signing process.
Program title and URL are displayed when Smart Screen tells users a file have been downloaded. You can put something in it or nothing. It does no real difference.
Don't (re)sign/distribute programs and installers you are not the developer.
Check viruses before signing programs. Don't sign an exe / MSIX file if it contains viruses or other malware. You will be responsible of it !
Just to say, the program does a simple loop on files in the choosen folder and for each selected file it executes this command :
"path to signtool.exe" sign /v /debug /f "PFXFilePath" /p PFXPassWord /tr "TimestampServerURLIfSpecified (recommanded)" /td SHA256 /fd SHA256 /d "ProgramTitle (if specified)" /du "YourURL (if specified)" "path to EXE or MSIX file to sign"
"path to signtool.exe" sign /v /debug /n "UID" /tr "TimestampServerURLIfSpecified (recommanded)" /td SHA256 /fd SHA256 /d "ProgramTitle (if specified)" /du "YourURL (if specified)" "path to EXE or MSIX file to sign"
"path to signtool.exe" sign /v /debug /n "Certificate name" /tr "TimestampServerURLIfSpecified (recommanded)" /td SHA256 /fd SHA256 /d "ProgramTitle (if specified)" /du "YourURL (if specified)" "path to EXE or MSIX file to sign"
Signing EXE files is never a problem if the certificate is good.
Signing MSIX files is available only if MSIX is not signed or if it has been signed with the same certificate you are using to resign it.
In case of error, nothing is done, the file doesn't change. In case of it works, the date/time of the file change. You can display signature informations from file property dialog box.
Follow my development streams of software, video games, mobile applications and websites on my Twitch channel or as replays on Serial Streameur mostly in French.
This software is available in a directly installable or executable production version. It is distributed as shareware.
You can download and redistribute it free of charge, provided you do not modify its content (installer, program, additional files, etc.).
It is also available from GetIt directly in the Delphi, C++Builder and RAD Studio development environment.
If you use this software regularly and are satisfied with it, you are invited to purchase an end-user license. Purchasing a license will give you access to software updates, as well as enabling optional features.
You can also visit the software website to find out more about how it works, access videos and articles, find out about the different versions available and their features, contact user support...
To download this code repository, we recommend using "git", but you can also download a ZIP file directly from its GitHub repository.
This project uses dependencies in the form of sub-modules. They will be absent from the ZIP file. You'll have to download them by hand.
This source code is distributed under the AGPL 3.0 or later license.
You are generally free to use the contents of this code repository anywhere, provided that:
If this license doesn't suit your needs, you can purchase the right to use this project under the Apache License 2.0 or a dedicated commercial license (contact the author to explain your needs).
These source codes are provided as is, without warranty of any kind.
Certain elements included in this repository may be subject to third-party usage rights (images, sounds, etc.). They are not reusable in your projects unless otherwise stated.
If you want an answer from the project owner the best way to ask for a new feature or report a bug is to go to the GitHub repository and open a new issue.
If you found a security issue please don't report it publicly before a patch is available. Explain the case by sending a private message to the author.
You also can fork the repository and contribute by submitting pull requests if you want to help. Please read the CONTRIBUTING.md file.
If you think this project is useful and want to support it, please make a donation to its author. It will help to maintain the code and binaries.
You can use one of those services :
or if you speack french you can subscribe to Zone Abo on a monthly or yearly basis and get a lot of resources as videos and articles.