使用 Visual Studio 对exe文件进行数字签名

使用“VS2013 开发人员命令提示”运行签名工具。转到要签名的文件目录运行命令：

signtool sign /a 要签名的程序.exe

signtool 的相关命令

Usage: signtool <command> [options]

        Valid commands:
                sign       --  Sign files using an embedded signature.
                timestamp  --  Timestamp previously-signed files.
                verify     --  Verify embedded or catalog signatures.
                catdb      --  Modify a catalog database.
                remove     --  Reduce the size of an embedded signed file.

For help on a specific command, enter "signtool <command> /?"

把签名程序存放到一个bat文件中，为了省事，我直接把“VS2013 开发人员命令提示”中的文件合并到一块了，全文如下。

@call :GetVSCommonToolsDir
@if "%VS120COMNTOOLS%"=="" goto error_no_VS120COMNTOOLSDIR

@call "%VS120COMNTOOLS%VCVarsQueryRegistry.bat" 32bit No64bit

@if "%VSINSTALLDIR%"=="" goto error_no_VSINSTALLDIR
@if "%FrameworkDir32%"=="" goto error_no_FrameworkDIR32
@if "%FrameworkVersion32%"=="" goto error_no_FrameworkVer32
@if "%Framework40Version%"=="" goto error_no_Framework40Version

@set FrameworkDir=%FrameworkDir32%
@set FrameworkVersion=%FrameworkVersion32%

@if not "%WindowsSDK_ExecutablePath_x86%" == "" (
	@set "PATH=%WindowsSDK_ExecutablePath_x86%;%PATH%"
)

@if not "%WindowsSdkDir%" == "" (
	@set "PATH=%WindowsSdkDir%binx86;%PATH%"
	@set "INCLUDE=%WindowsSdkDir%includeshared;%WindowsSdkDir%includeum;%WindowsSdkDir%includewinrt;%INCLUDE%"
	@set "LIB=%WindowsSdkDir%libwinv6.3umx86;%LIB%"
	@set "LIBPATH=%WindowsSdkDir%ReferencesCommonConfigurationNeutral;%ExtensionSDKDir%Microsoft.VCLibs12.0ReferencesCommonConfiguration
eutral;%LIBPATH%"
)

@rem
@rem Root of Visual Studio IDE installed files.
@rem
@set DevEnvDir=%VSINSTALLDIR%Common7IDE

@rem PATH
@rem ----
@if exist "%VSINSTALLDIR%Team ToolsPerformance Tools" (
	@set "PATH=%VSINSTALLDIR%Team ToolsPerformance Tools;%PATH%"
)
@if exist "%ProgramFiles%HTML Help Workshop" set PATH=%ProgramFiles%HTML Help Workshop;%PATH%
@if exist "%ProgramFiles(x86)%HTML Help Workshop" set PATH=%ProgramFiles(x86)%HTML Help Workshop;%PATH%
@if exist "%VCINSTALLDIR%VCPackages" set PATH=%VCINSTALLDIR%VCPackages;%PATH%

@if exist "%FrameworkDir%%Framework40Version%" set PATH=%FrameworkDir%%Framework40Version%;%PATH%
@if exist "%FrameworkDir%%FrameworkVersion%" set PATH=%FrameworkDir%%FrameworkVersion%;%PATH%
@if exist "%VSINSTALLDIR%Common7Tools" set PATH=%VSINSTALLDIR%Common7Tools;%PATH%
@if exist "%VCINSTALLDIR%BIN" set PATH=%VCINSTALLDIR%BIN;%PATH%
@set PATH=%DevEnvDir%;%PATH%

@rem Add path to MSBuild Binaries
@if exist "%ProgramFiles%MSBuild12.0in" set PATH=%ProgramFiles%MSBuild12.0in;%PATH%
@if exist "%ProgramFiles(x86)%MSBuild12.0in" set PATH=%ProgramFiles(x86)%MSBuild12.0in;%PATH%

@rem Add path to TypeScript Compiler
@if exist "%ProgramFiles%Microsoft SDKsTypeScript1.0" set PATH=%ProgramFiles%Microsoft SDKsTypeScript1.0;%PATH%
@if exist "%ProgramFiles(x86)%Microsoft SDKsTypeScript1.0" set PATH=%ProgramFiles(x86)%Microsoft SDKsTypeScript1.0;%PATH%

@if exist "%VSINSTALLDIR%VSTSDBDeploy" (
	@set "PATH=%VSINSTALLDIR%VSTSDBDeploy;%PATH%"
)

@if not "%FSHARPINSTALLDIR%" == "" (
	@set "PATH=%FSHARPINSTALLDIR%;%PATH%"
)

@if exist "%DevEnvDir%CommonExtensionsMicrosoftTestWindow" (
	@set "PATH=%DevEnvDir%CommonExtensionsMicrosoftTestWindow;%PATH%"
)

@rem INCLUDE
@rem -------
@if exist "%VCINSTALLDIR%ATLMFCINCLUDE" set INCLUDE=%VCINSTALLDIR%ATLMFCINCLUDE;%INCLUDE%
@if exist "%VCINSTALLDIR%INCLUDE" set INCLUDE=%VCINSTALLDIR%INCLUDE;%INCLUDE%

@rem LIB
@rem ---
@if exist "%VCINSTALLDIR%ATLMFCLIB" set LIB=%VCINSTALLDIR%ATLMFCLIB;%LIB%
@if exist "%VCINSTALLDIR%LIB" set LIB=%VCINSTALLDIR%LIB;%LIB%

@rem LIBPATH
@rem -------
@if exist "%VCINSTALLDIR%ATLMFCLIB" set LIBPATH=%VCINSTALLDIR%ATLMFCLIB;%LIBPATH%
@if exist "%VCINSTALLDIR%LIB" set LIBPATH=%VCINSTALLDIR%LIB;%LIBPATH%
@if exist "%FrameworkDir%%Framework40Version%" set LIBPATH=%FrameworkDir%%Framework40Version%;%LIBPATH%
@if exist "%FrameworkDir%%FrameworkVersion%" set LIBPATH=%FrameworkDir%%FrameworkVersion%;%LIBPATH%

@rem VisualStudioVersion
@rem -------------------
@set VisualStudioVersion=12.0

@goto end

@REM -----------------------------------------------------------------------
:GetVSCommonToolsDir
@set VS120COMNTOOLS=
@call :GetVSCommonToolsDirHelper32 HKLM > nul 2>&1
@if errorlevel 1 call :GetVSCommonToolsDirHelper32 HKCU > nul 2>&1
@if errorlevel 1 call :GetVSCommonToolsDirHelper64  HKLM > nul 2>&1
@if errorlevel 1 call :GetVSCommonToolsDirHelper64  HKCU > nul 2>&1
@exit /B 0

:GetVSCommonToolsDirHelper32
@for /F "tokens=1,2*" %%i in ('reg query "%1SOFTWAREMicrosoftVisualStudioSxSVS7" /v "12.0"') DO (
	@if "%%i"=="12.0" (
		@SET "VS120COMNTOOLS=%%k"
	)
)
@if "%VS120COMNTOOLS%"=="" exit /B 1
@SET "VS120COMNTOOLS=%VS120COMNTOOLS%Common7Tools"
@exit /B 0

:GetVSCommonToolsDirHelper64
@for /F "tokens=1,2*" %%i in ('reg query "%1SOFTWAREWow6432NodeMicrosoftVisualStudioSxSVS7" /v "12.0"') DO (
	@if "%%i"=="12.0" (
		@SET "VS120COMNTOOLS=%%k"
	)
)
@if "%VS120COMNTOOLS%"=="" exit /B 1
@SET "VS120COMNTOOLS=%VS120COMNTOOLS%Common7Tools"
@exit /B 0

@REM -----------------------------------------------------------------------
:error_no_VS120COMNTOOLSDIR
@echo ERROR: Cannot determine the location of the VS Common Tools folder.
@goto end

:error_no_VSINSTALLDIR
@echo ERROR: Cannot determine the location of the VS installation.
@goto end

:error_no_FrameworkDIR32
@echo ERROR: Cannot determine the location of the .NET Framework 32bit installation.
@goto end

:error_no_FrameworkVer32
@echo ERROR: Cannot determine the version of the .NET Framework 32bit installation.
@goto end

:error_no_Framework40Version
@echo ERROR: Cannot determine the .NET Framework 4.0 version.
@goto end

:end

@echo off

cd %~dp0

signtool sign /a 要签名的程序.exe