Can cosign replace SignTool.exe for Windows Binaries? #1443
Comments
|
I'm also wondering this. Looking for any reference to pfx and couldn't find anything but this current issue. |
|
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
This issue was closed because it has been stalled for 5 days with no activity. |
|
Came back looking for update as signing windows binaries still doesn't seem to have a solid solution besides using something like signtool.exe which doesn't work on other platforms. |
|
While cosign does a lot of the same things (signing, getting certs, timestamping), we'd need MSFT to accept our cert for this to work. While we'd love for that to happen, it's a little out of our control. |
|
@znewman01 I think the question is about sigstore capabilities to replace signtool, in a Self-Managed Keys scenario (pfx files). Cosign's integration with several key valut is a key fature to evaluate a migration form signtool. A command line reference or example to achieve the same sign can be really helpful. |
Question
Looking to migrate from SignTool.exe to cosign for windows binaries (exe file); we utilize a .pfx signing cert (protected with a password.
The text was updated successfully, but these errors were encountered: