Signing with a certificate from the Cert Store (rather than a pfx file)

electron-userland / electron-windows-store

:package: Turn Electron Apps into Windows AppX Packages

MIT License

674 stars 85 forks source link

Signing with a certificate from the Cert Store (rather than a pfx file) #150

Open toschlog opened 2 years ago

toschlog commented 2 years ago

I appears that it's not possible to sign the appx package using a cert from your local cert store or from a USB token.

I think this would be easy to fix. I suggest adding a config param called devCertSha1. If this is set, then instead of doing

signtool sign -f <program.devCert> -fd SHA256 -v <appxFile>

the app would do

signtool sign -sha1 <program.devCertSha1> -fd SHA256 -v <appxFile>

If this sounds reasonable, I'll make the changes, test it, and put in a pull reqeust.

rickymohk commented 7 months ago

Opening up the options for custom signtool.exe and custom parameters, or sign with hook functions, just like how @electron/windows-sign does would also be great. I would like to sign using azure key vault.