Smctl で署名する

SignTool、jarsigner、apksigner、NuGet、Mage、jsign で smctL を使用して署名することができます。

You can integrate third-party signing tools with SMCTL for simplified signing. For other SMCTL commands, refer to the SMCTL command manual.

ヒント

SMCTL does not support all characters in sign commands, review the following:

Supported characters: @ % ^ ( ) - _ = [ ] { } ;
Unsupported characters: | ` $ > < # ! ' & +.

To avoid errors, remove unsupported characters from file paths before attempting to sign.

Prerequisites

SMCTL
DigiCert ONE API key
DigiCert ONE client authentication certificate
Integrate third-party signing tools
Keypair and default certificate
File or folder to be signed

Download and integrate third-party signing tools

Refer to the article below to identify the third-party signing tools that you require based on your operating system and the types of files you need to sign:

Integrate third-party signing tools

ツールをセットアップする

Operating systems use the environment variable called PATH to determine where executable files are stored on your system. Use the PATH environment variable to store the file path to your signing tools to ensure that the CLI can reference these signing tools.

例 1. Windows

You can configure the signing tools using SMCTL or environment variables.

To set the path to your signing tools via SMCTL:

Run:

set PATH=%path%;<Path to DigiCert ONE Signing Manager Tools folder>

Command sample:

set PATH=%path%;C:\Program Files\DigiCert\DigiCert One Signing Manager Tools

To verify that the tool has been integrated run the following command in SMCTL:
```
smctl healthcheck --tools
```

To set the path to your signing tools for your system or account:

Search for environment variables in the Windows start menu.
Select Edit environment variables for your account or Edit system environment variables.
Double click on the Path variable.
Click New.
Select Browse.
Select the path to the signing tool.
Signtool 64-bit path example: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64
Signtool 32-bit path example: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86
Jarsigner path example: C:\Program Files\Java\jdk-17\bin\
Apksigner path example: C:\build-tools\31.0.0
Click OK to save the path.
Click on OK to close the dialog.

例 2. Linux

Configure the signing tools using SMCTL.

Launch the Terminal application.
Open the file in an editor:
```
nano ~/.profile
```

Add any exports definitions you need:

export PATH=<Path to Jarsigner>
export PATH=<Path to Jsign>
export PATH=<Path to osslsigncode>

Click CTRL+X to exit.
Click Y to save.
Click Enter to keep the same file name.
Execute the new .profile by restarting Terminal or using:
```
 source ~/.profile
```

例 3. macOS

Configure the signing tools using SMCTL.

Launch the Terminal application.
Create a profile file:
```
touch ~/.zprofile
```
Open the file in an editor:
```
open ~/.zprofile
```

Add any exports definitions you need, such as:

export PATH=<Path to Apksigner>
export PATH=<Path to Jarsigner>
export PATH=<Path to Jsign>
export PATH=<Path to osslsigncode>
export PATH=<Path to Codesign>
export PATH=<Path to Productsign>

To save the new .zprofile, click File > Save (CMD + S).
Close the terminal window and reopen to use new saved variables.

鍵ペアエイリアスと証明書ファイルパスを提供する

証明書を同期させ、鍵ペアエイリアスと証明書ファイルのパスを入力してください。

To sync the default certificate associated with the specified keypair alias:

smctl windows certsync --keypair-alias=<keypair alias>

注記

For more information refer to the Windows command manual.

Sign with SMCTL

When you do not specify a signing tool in the sign command, SMCTL selects the default signing tool based on your operating system and the type of file you are trying to sign. Alternatively, specify the signing tool you want SMCTL to sign with.

注記

For more information refer to the sign command manual.

Sign with the default signing tool

To sign using the certificate fingerprint, use: (recommended)

smctl sign --fingerprint <certificate fingerprint> --input <path to unsigned file or folder>

To sign using the keypair alias, use:

smctl sign --keypair-alias <keypair alias> --certificate <Path to code signing certificate> --input <path to unsigned file or folder>

注記

Specifying the --certificate parameter in the sign command is optional if you are using SMCTL version 1.20 or higher.

Sign and specific signing tool

To sign using a specific third-party tool:

smctl sign --keypair-alias <keypair alias> --certificate <path to code signing certificate> --input <path to unsigned file or folder> --tool <tool>

Command sample:

smctl sign --keypair-alias=dynamic-kp1 --certificate C:\Users\John.Doe\Desktop\smctl\certificate.pem --input C:\Users\John.Doe\Desktop\folder_or_files_to_sign --tool jsign

To sign using jarsigner, osslsigncode, apksigner, or jsign, include the PKCS11 library flag:

smctl sign --keypair-alias <keypair alias> --certificate <path to code signing certificate> --config-file <path to PKCS11 config file> --input <path to unsigned file or folder> --tool <tool>

Command sample:

smctl sign --keypair-alias=dynamic-kp1 --certificate C:\Users\John.Doe\Desktop\smctl\certificate.pem --config-file C:\Users\John.Doe\Desktop\smctl\pkcs11properties.cfg --input C:\Users\John.Doe\Desktop\folder_or_files_to_sign --tool jsign

ヒント

Multiple signatures may occur for different Android versions when you sign with Apksigner. To avoid multiple signatures, sign directly with Apksigner.

検証する

指定したパスにあるすべてのファイルを検索して署名を確認するには、以下を使用します。

smctl sign verify --input <path to signed file or folder>

注記

For more information refer to the verify signature command manual.

削除する

指定されたパスにあるすべてのファイルを検索してそのファイルに基づく署名を削除するには、以下を使用します。

smctl sign remove --input <path to signed file or folder>

注記

For more information refer to the remove signature command manual.

このセクションの内容:

Smctl で署名する

ヒント

Prerequisites

Download and integrate third-party signing tools

ツールをセットアップする

鍵ペアエイリアスと証明書ファイルパスを提供する

注記

Sign with SMCTL

注記

注記

ヒント

検証する

注記

削除する

注記

検索結果