Hello,
I am trying to use signtool to sign the hash of an executable file with an external tool.
Unfortunately, the option /di to inject the signed hash doesn't work.
There is no error message, but when I check the properties of the file there is the message "no signature was present in the subject". The cert is present but not the signature, it seems.
I have followed vcsjones.dev on Custom Keys with Authenticode Signing:
signtool sign /dg "C:\scratch\dir" /fd SHA256 /f public-cert.cer notepad.exe
signtool sign /di "C:\scratch\dir" notepad.exe
I think the problem comes from the signature returned by my external tool, but there is not much documentation on how to use it and what signature is expected.
I have been trying different permutations for 3 weeks now; any help would be very much appreciated.
The solution is to add the SHA header to the digest before signing it. The digest provided by signtool does not contain this header, even though it is necessary for the signature to be recognized by signtool.
It should be documented ...
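The fix described in the answer, as an added Python example that is not part of the original thread. It assumes the "SHA header" is the SHA-256 DigestInfo prefix from PKCS#1 v1.5 (RFC 8017), that the digest file written by /dg holds the Base64 of the raw SHA-256 digest, and that the external tool performs raw RSA; the function names are hypothetical. The last function checks a returned signature against the certificate's public key (n, e) before it is handed to /di.

```python
import base64
import hashlib

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info_from_dig(dig_text: str) -> bytes:
    """Decode the Base64 digest (assumed file format) and prepend the prefix."""
    digest = base64.b64decode(dig_text.strip(), validate=True)
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError(f"expected a 32-byte SHA-256 digest, got {len(digest)} bytes")
    return SHA256_DIGESTINFO_PREFIX + digest


def emsa_pkcs1_v15(digest_info: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 || DigestInfo that RSA signs."""
    pad_len = k - len(digest_info) - 3
    if pad_len < 8:
        raise ValueError("RSA modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + digest_info


def signature_covers_digest(sig_b64: str, dig_text: str, n: int, e: int) -> bool:
    """Return True if the Base64 signature is PKCS#1 v1.5 over the digest
    with the DigestInfo header present; n and e are the RSA public key."""
    k = (n.bit_length() + 7) // 8
    sig = base64.b64decode(sig_b64.strip(), validate=True)
    if len(sig) != k:
        return False
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return recovered == emsa_pkcs1_v15(digest_info_from_dig(dig_text), k)
```

A signing tool or HSM mechanism that already implements full PKCS#1 v1.5 with SHA-256 adds this header itself; the manual prefix is for signers that only pad or only exponentiate.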