ClickOnce application EXE file certificate signing

Question

I am distributing my application through ClickOnce.

Now I am signing the ClickOnce manifests. The setup.exe is signed with a valid publisher. After installation, there is another EXE file for the application to run.

How can I sign the application EXE file?

Answer 1

You should use postbuild task in your CSPROJ file (note that I sign "RELEASE" configuration only):

  <Target Name="SignOutput" AfterTargets="CoreCompile" Condition="'$(ConfigurationName)'=='Release'">
    <PropertyGroup>
      <TimestampServerUrl>http://timestamp.verisign.com/scripts/timestamp.dll</TimestampServerUrl>
      <ApplicationDescription>my app</ApplicationDescription>
      <SigningCertificateCriteria>/n "my company."</SigningCertificateCriteria>
    </PropertyGroup>
    <ItemGroup>
      <SignableFiles Include="$(ProjectDir)obj\$(ConfigurationName)\$(TargetName)$(TargetExt)" />
    </ItemGroup>
    <Exec Condition=" '$(ConfigurationName)'=='Release'" Command="&quot;c:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe&quot; sign $(SigningCertificateCriteria) /d &quot;$(ApplicationDescription)&quot; /t &quot;$(TimestampServerUrl)&quot; &quot;%(SignableFiles.Identity)&quot;" />
  </Target>