Signotaur Code Signing Server - Looking for beta testers

Hi All

We have developed a client/server product to handle code signing. This makes it simple to code sign from any machine and avoid the dreaded token password prompts. It also supports file based certificates for those who still have valid ones!

The client is a single exe (with a similar command line interface to signtool.exe) - 64 bit windows 10/Server 2016 or later (may run on earlier versions but not tested).

The server is supported on Windows 10/Server 2016 or later (may run on earlier versions but not tested). Linux support for the server is planned (we have it building but have not tested yet).

The server has a web interface for configuring it (adding certificates, managing users etc).

We have tested with Safenet tokens (with our own cert) and with Yubikey tokens (with self signed cert). It should work with any token that provides a 64bit pkcs#11 2.4 library dll.

We are especially interested in hearing from people with Yubikey tokens (since we have only tested with self signed cert).

The token needs to be available to the server machine, either plugged in directly or via usb passthrough for vms, or via virtualhere.

We’re still working on docs but it’s pretty simple to get up and running with it, we’ll provide some instructions with the download info etc.

If you are interested in testing this product email support @ finalbuilder.com - let us know what kind of token you have.

4 Likes

Hi V,
So how do you ensure the integrity of the EXE being signed? How does the Dev do this?
Jason

Hi Jason

We don’t manipulate the exe directly, we use the windows api to do the signing.

This is the same api call that signtool uses (I disassembled signtool to see what it did) - it invokes a callback that we use to send the digest to the server for signing.

So to answer your question, we don’t do anything special to ensure the integrity - we leave that up to windows.

I have been testing the :poop: out of it for months, there are no unsigned projectX.exe’s on my drives now :smirk: