Using Signum with Signtool
Introduction
Signum can be used with Microsoft's Signtool to sign files (.dll, .cab, .appx, .exe, .msi, .ps1, etc.) in Windows. Most of the configuration complexity lies in the Signtool commands, because Signum only provides authenticated users with access to the signing certificate. This guide assumes that Signtool and the Signum Windows Agent have already been installed. For full instructions on installing Signtool and a complete list of commands, see Microsoft's documentation at https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool .
Signtool Examples
The detailed view of a certificate stored in Signum can be accessed by selecting a certificate that has been configured in Signum from the Certificates section of the Admin Web Console.

Using the Thumbprint
PS C:\Users\Demo\Desktop\Signum_Demo> signtool.exe sign /fd SHA256 /sha1 CE1EB74EC5A8CC93EABA4066D15DDCBCEEF28EC2 example.dll
Done Adding Additional Store
Successfully signed: example.dll
With a TSA
PS C:\Users\Demo\Desktop\Signum_Demo> signtool.exe sign /fd SHA256 /sha1 CE1EB74EC5A8CC93EABA4066D15DDCBCEEF28EC2 /t http://signserver.com/signserver/process?workerId=15 example.dll
Done Adding Additional Store
Successfully signed: example.dll
Using the Certificate CN
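Using the CN has the advantage that if the certificate is ever renewed, existing scripts should be able to stay the same. The thumbprint is a hash of the certificate itself, so a renewed certificate has a new thumbprint.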
PS C:\Users\Demo\Desktop\Signum_Demo> signtool.exe sign /fd SHA256 /n "Code Signing" example.dll
Done Adding Additional Store
Successfully signed: example.dll
Verifying
A benefit of using a native signing tool like Signtool is its built-in verification.
PS C:\Users\Demo\Desktop\Signum_Demo> signtool.exe verify /pa /v .\example.dll
Verifying: .\example.dll
Signature Index: 0 (Primary Signature)
Hash of file (sha256): B410D82594A7DD698C766FD5D9D6A417B1147DD91FE0BE7DED3C8E087CFACBEE
Signing Certificate Chain:
    Issued to: Keyfactor Demo CA
    Issued by: Keyfactor Demo CA
    Expires: Fri Jul 23 15:28:37 2032
    SHA1 hash: B2948658CE2F3133B82BE32A35A84ED7F54B5A33

    Issued to: Keyfactor Demo Working
    Issued by: Keyfactor Demo CA
    Expires: Thu Jul 24 16:36:13 2031
    SHA1 hash: D50E48B6F937AA6DE6F7DADC8DE3D3923CBB306B

    Issued to: Keyfactor Demo Code Signing
    Issued by: Keyfactor Demo Working
    Expires: Thu Jul 24 16:36:13 2031
    SHA1 hash: BED3F3DD7C9FE484454408541D857F4F6FEEFC9E

    Issued to: Code Signing
    Issued by: Keyfactor Demo Code Signing
    Expires: Sat Aug 03 11:35:34 2024
    SHA1 hash: CE1EB74EC5A8CC93EABA4066D15DDCBCEEF28EC2

File is not timestamped.
Successfully verified: .\example.dll
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
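
The verify output above reports success even though the file is not timestamped, and "Successfully verified" alone does not confirm that the signer is the expected certificate. The following is an added example (not Keyfactor's or Microsoft's code) of a release gate that parses that output. The pinning policy and the marker "The signature is timestamped:", which signtool prints for timestamped files but which does not appear on this page, are assumptions.

```python
import re

PINNED_THUMBPRINT = "CE1EB74EC5A8CC93EABA4066D15DDCBCEEF28EC2"  # /sha1 value used above

# Abridged copy of the `signtool.exe verify /pa /v` output shown on this page.
SAMPLE_OUTPUT = """\
Verifying: .\\example.dll
Signing Certificate Chain:
Issued to: Keyfactor Demo CA
SHA1 hash: B2948658CE2F3133B82BE32A35A84ED7F54B5A33
Issued to: Keyfactor Demo Working
SHA1 hash: D50E48B6F937AA6DE6F7DADC8DE3D3923CBB306B
Issued to: Keyfactor Demo Code Signing
SHA1 hash: BED3F3DD7C9FE484454408541D857F4F6FEEFC9E
Issued to: Code Signing
SHA1 hash: CE1EB74EC5A8CC93EABA4066D15DDCBCEEF28EC2
File is not timestamped.
Successfully verified: .\\example.dll
Number of errors: 0
"""

TIMESTAMP_MARKER = "The signature is timestamped:"  # assumed marker, see lead-in

def check_signature(output, pinned_thumbprint):
    """Return a list of policy failures; an empty list means the file passes."""
    failures = []
    if not re.search(r"^Number of errors: 0\s*$", output, re.M):
        failures.append("signtool reported errors")
    # A timestamped file lists a second chain (the TSA's) after the marker,
    # so only the text before it describes the signing certificate.
    signer_part = output.split(TIMESTAMP_MARKER)[0]
    hashes = re.findall(r"^\s*SHA1 hash:\s*([0-9A-Fa-f]{40})\s*$", signer_part, re.M)
    # The output above lists the root first, so the signer is the last entry.
    if not hashes:
        failures.append("no signing certificate chain found")
    elif hashes[-1].upper() != pinned_thumbprint.upper():
        failures.append("signer thumbprint %s is not the pinned certificate" % hashes[-1])
    # Without a timestamp the signature stops validating when the signing
    # certificate expires (Aug 03 2024 in the output above).
    if TIMESTAMP_MARKER not in output:
        failures.append("file is not timestamped")
    return failures

if __name__ == "__main__":
    for failure in check_signature(SAMPLE_OUTPUT, PINNED_THUMBPRINT):
        print("FAIL:", failure)
```

In a build pipeline, feed the function the captured output of the verify command and fail the job when the returned list is not empty.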