-
Notifications
You must be signed in to change notification settings - Fork 498
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can cosign replace SignTool.exe for Windows Binaries? #1443
Comments
I'm also wondering this. Looking for any reference to pfx and couldn't find anything but this current issue. |
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
This issue was closed because it has been stalled for 5 days with no activity. |
Came back looking for update as signing windows binaries still doesn't seem to have a solid solution besides using something like signtool.exe which doesn't work on other platforms. |
While cosign does a lot of the same things (signing, getting certs, timestamping), we'd need MSFT to accept our cert for this to work. While we'd love for that to happen, it's a little out of our control. |
@znewman01 I think the question is about sigstore capabilities to replace signtool, in a Self-Managed Keys scenario (pfx files). Cosign's integration with several key valut is a key fature to evaluate a migration form signtool. A command line reference or example to achieve the same sign can be really helpful. |
Question
Looking to migrate from SignTool.exe to cosign for windows binaries (exe file); we utilize a .pfx signing cert (protected with a password.
The text was updated successfully, but these errors were encountered: