Marty,

You could use signtool.exe
https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool

which is part of the Windows SDK kit

https://developer.microsoft.com/windows/downloads/windows-sdk

to automate signing in Inno Setup using the dongle
https://jrsoftware.org/ishelp/index.php?topic=setup_signtool
I am not sure if that page already covers signing with a dongle, but at least 
you can see how to set up Inno Setup for use with signtool.
You'll find the correct parameters at the end of this email.

It is mandatory that your USB dongle is connected to your computer and also 
that the drivers for that USB token are installed correctly.
When connecting the USB dongle to your computer you should automatically be 
asked for your "access" password, the password which allows access to the 
token. After entering this, your certificate is available for signing using 
signtool.exe.


The sign command would look like this

signtool.exe sign /n ##certowner## /tr ##timestampserver## /td sha256 /fd sha256 /v ##file(s)##

##certowner##    -  name of the cert owner

##timestampserver## - the URL for the timestamp server - this information is 
normally provided with the certificate

##file(s)##  - path to the file or files to be signed


If only one code signing certificate is on the token then you could use

signtool sign /a  /tr ##timestampserver## /td sha256 /fd sha256 /v ##file(s)##

Parameter /a searches for the best available code signing certificate that is 
valid for the longest time.



Btw. about 5 months ago I posted this here in the list. Maybe this is also of 
help for you.

<<
WinSignHelperV2 is now available in the Sample stacks section of LC. 
Just search for WinSignHelperV2. 
It is also here available 
https://livecodeshare.runrev.com/stack/1040/WinSignHelperV2

The tool builds the correct signtool.exe parameters and executes signtool.exe

It has now been successfully tested with a cloud-based code signing certificate 
and also with a code signing certificate on a USB token.

You just drag the folder which contains the .exe and any additional .dll files 
to the stack and the tool creates the command with all parameters and executes 
signtool.exe then.

Signtool.exe is part of the Windows SDK. A download URL for the SDK can be 
found in the help section of the main stack.

The main stack is password protected.

This stack only works on Windows, regardless if on a VM or on real hardware.

So if anyone is interested, then give it a try.
>>

HTH
Matthias


> On 06.03.2025 at 00:56, Marty Knapp via use-livecode 
> <use-livecode@lists.runrev.com> wrote:
> 
> Just had to renew my code signing certificate for Windows. Used K Soft as 
> before but the certificate came from Sectigo (dang expensive) and came on a 
> USB dongle. I exported the certificate so I could use my automated setup 
> using Inno setup and the K Sign app which worked great before. Can’t get it 
> to work. Anybody gone down this road? Tech support seems to be non-existent 
> from either Sectigo or K Soft.
> 
> ---
> Marty Knapp
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
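
Added example, not part of the original thread or of WinSignHelperV2: a PowerShell wrapper around the signtool command from the reply above that signs every .exe/.dll in a folder and then checks that each file carries a valid, timestamped signature. It assumes signtool.exe is on PATH and the USB token is connected and unlocked; the parameter names (Folder, TimestampServer, CertOwner) are hypothetical.

```powershell
# Added example: sign and verify with signtool.exe. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $Folder,           # folder holding the .exe/.dll files
    [Parameter(Mandatory)] [string] $TimestampServer,  # URL supplied with the certificate
    [string] $CertOwner                                # subject name for /n; omit to use /a
)

$ErrorActionPreference = 'Stop'

# Assumption: signtool.exe from the Windows SDK is on PATH.
$signtool = (Get-Command signtool.exe).Source

$files = Get-ChildItem -Path $Folder -File -Recurse -Include *.exe, *.dll |
    Select-Object -ExpandProperty FullName
if (-not $files) { throw "No .exe or .dll files found under $Folder" }

# Pick the certificate by owner name (/n) or let signtool choose (/a),
# matching the two command forms given in the reply.
$select = if ($CertOwner) { @('/n', $CertOwner) } else { @('/a') }

$signArgs = @('sign') + $select +
    @('/tr', $TimestampServer, '/td', 'sha256', '/fd', 'sha256', '/v') + $files
& $signtool @signArgs
# signtool returns 0 on success; warnings (2) are treated as failures here.
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

foreach ($file in $files) {
    # /pa applies the default Authenticode verification policy.
    & $signtool verify /pa /v $file
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed for $file" }

    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') {
        throw "Signature status for $file is $($sig.Status)"
    }
    # Without a timestamp the signature stops validating once the certificate
    # expires, so a missing timestamp is treated as a build failure.
    if (-not $sig.TimeStamperCertificate) {
        throw "No timestamp countersignature on $file"
    }
    Write-Host "OK: $file signed by $($sig.SignerCertificate.Subject)"
}
```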
