Automate eSigner EV Code Signing

These directions will show you how to use CodeSignTool to sign code objects without being prompted for manual OTP entry for each file, enabling automated EV code signing with eSigner certificates. Please refer to SSL.com’s eSigner code signing guide for instructions on installation and basic use of CodeSignTool.

Method 1: TOTP Secret

  1. When the eSigner QR code is displayed for your certificate, copy the secret code value shown and save it in a safe location. This is the TOTP (time-based one-time password) secret value associated with your eSigner certificate. Just as two-factor authentication software like Authy can use this value, scanned from the QR code, to generate valid OTPs for code signing, CodeSignTool can use it to generate OTPs automatically when signing code.
  2. Use the TOTP secret in your CodeSignTool command as follows. (Replace the values in ALL-CAPS with your actual values):
    CodeSignTool sign -credential_id=CREDENTIAL-ID -username=USERNAME -password=PASSWORD -totp_secret="TOTP-SECRET" -output_dir_path=OUTPUT-FILE-PATH -input_file_path=INPUT-FILE-PATH
    Note: Whenever possible, you should store these credentials as secrets in your build tool rather than including them directly in your commands and build scripts. Please refer to your software’s documentation for more information.
  3. CodeSignTool will use the secret value specified to calculate an OTP and the input file specified will be signed without an OTP prompt.
    Code signed successfully: C:\Users\Aaron Russell\Desktop\CodeSignTool-v1.0-windows\output\test.exe
    If you get the error message Error: invalid otp when attempting to sign a file with automation, it could be caused by one or more of these issues:

    • The TOTP secret in the command is associated with a different user account and/or certificate than indicated by the login credentials and credential ID specified.
    • The TOTP secret in the command is otherwise invalid.

Method 2: batch_sign Command

  1. Version 1.2.0 of CodeSignTool includes the command batch_sign, allowing you to sign up to 100 files at one time with one OTP or your TOTP secret. Use a command like the following to sign the code objects in a directory with one OTP. (Replace the values in ALL-CAPS with your actual values. INPUT-DIR-PATH is the directory with files you wish to sign.):
    CodeSignTool batch_sign -username=USERNAME -password=PASSWORD -credential_id=CREDENTIAL-ID -input_dir_path=INPUT-DIR-PATH -output_dir_path=OUTPUT-DIR-PATH
    Enter the OTP - Press enter to continue: 455145
    Batch sign command executed successfully. Output directory for signed files: output
  2. As with the sign command, you can also use your TOTP secret with batch_sign:
    CodeSignTool batch_sign -username=USERNAME -password=PASSWORD -credential_id=CREDENTIAL-ID -input_dir_path=INPUT-DIR-PATH -output_dir_path=OUTPUT-DIR-PATH -totp_secret=TOTP-SECRET
    Batch sign command executed successfully. Output directory for signed files: output
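
The following wrapper is an added example, not code from SSL.com: it applies the note under Method 1 (keep credentials in the build tool's secret store) to the batch_sign command from Method 2 and checks the 100-file limit before calling the tool. The ESIGNER_* variable names, the CODESIGNTOOL override and the exit codes are assumptions made for this example.

```shell
# Added example, not SSL.com code. Assumed names: the ESIGNER_* variables
# (injected by the build tool's secret store) and the CODESIGNTOOL override.
CODESIGNTOOL="${CODESIGNTOOL:-CodeSignTool}"   # launcher name or path
MAX_BATCH=100                                  # batch_sign limit per the page

# Body runs in a subshell: variables stay local and `exit` only ends the call.
esigner_batch_sign() (
    set +x   # first, so a job-level `set -x` cannot trace secret values
    input_dir="$1"
    output_dir="$2"

    # Name any missing secret, never print a value.
    for name in ESIGNER_USERNAME ESIGNER_PASSWORD \
                ESIGNER_CREDENTIAL_ID ESIGNER_TOTP_SECRET; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "missing required secret: $name" >&2
            exit 2
        fi
    done

    [ -d "$input_dir" ] || { echo "not a directory: $input_dir" >&2; exit 3; }

    # Count regular files directly inside the input directory
    # (assumes batch_sign does not recurse into subdirectories).
    count=$(find "$input_dir" -maxdepth 1 -type f | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ] || [ "$count" -gt "$MAX_BATCH" ]; then
        echo "batch_sign takes 1-$MAX_BATCH files, found $count" >&2
        exit 4
    fi

    mkdir -p "$output_dir"

    # Same flags as the page's batch_sign command. They still appear on the
    # process command line while the tool runs, so prefer a dedicated runner.
    "$CODESIGNTOOL" batch_sign \
        -username="$ESIGNER_USERNAME" \
        -password="$ESIGNER_PASSWORD" \
        -credential_id="$ESIGNER_CREDENTIAL_ID" \
        -totp_secret="$ESIGNER_TOTP_SECRET" \
        -input_dir_path="$input_dir" \
        -output_dir_path="$output_dir"
)
```

Call it from the build job as `esigner_batch_sign INPUT-DIR-PATH OUTPUT-DIR-PATH` once the four secrets are present in the job's environment.
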
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.