Signing Manager Controller (SMCTL)

Signing Manager Controller (SMCTL) provides a Command Line Interface (CLI) that facilitates manual and automated private key management, certificate management, and signing with or without the need for human intervention.

SMCTL comes with a built-in help function and provides instructions on all commands and subcommands to assist users in the CTL tool. See SMCTL command manual.

SMCTL provides secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.

Prerequisites

Commands

To view all SMCTL commands:

smctl --help

smctl -h

Subcommands

These subcommands specify the actions you can apply to commands when using SMCTL.

All SMCTL commands begin with:

smctl <subcommand>

表 1. SMCTL のサブコマンド

ショートカット	サブコマンド	説明
cert	certificate	証明書を管理します。
creds	credentials	OS の資格情報ストアの DigiCert® Software Trust Manager 資格情報を管理します。
	gpg	GPG鍵ペアとキーリングを管理します。
	healthcheck	View and confirm the validity of the credentials and tools configured.
	hsm	Manage HSMs mapped to your Software Trust Manager account.
kp	keypair	鍵ペアを管理します。
	logs	ログを管理します。
	manual	Signing Managerのコマンドラインインターフェイスの最新の man ページを生成します。デフォルトでは、現在のディレクトリの下の man-pages ディレクトリにマニュアルページファイルが作成されます。
	notarization	Manage notarizations for Apple binaries. This command is only available on macOS.
rel	release	リリースを管理します。
sc	scan	Manage scans powered by ReversingLabs.
	sign	署名、検証、削除を行います。
	user	ユーザーデータを取得します。
	windows	Windows OS特有のコマンド

Flags

Flags are used to modify the behavior of a subcommand by specifying parameters. Apply these flags to the subcommands above when using SMCTL.

表 2. Flags for SMCTL

Shortcut	Flag	Description
-v	--version	Version of SMCTL.
	--dir string	Specify the directory to write the man pages. Default is man-pages/. Format: --dir="<value>"
-h	--help	Help for SMCTL.

What signing tools can SMCTL integrate with?

SMCTL integrates with and enables secure hash-based signing with the following signing tools while maintaining key protection, permission-based access and reporting all signing activities:

例 1. Windows

You can sign the following file types using these tools on Windows:

表 3. File types supported for signing on Windows

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Mage	.application
	.manifest
	.vsto
Nuget	.nupkg
Signtool (64-bit)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.crx (only MS-DOS EXE package format)
	.dbx
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.psi
	.psm1
	.stl
	.sys
	.vbs
	.vsix
	.vxd
	.wsf
	.xap
	.xsn
Signtool (32-bit)	.doc
	.docm
	.dot
	.dotm
	.mpp
	.mpt
	.pot
	.potm
	.ppa
	.ppam
	.pps
	.ppsm
	.ppt
	.pptm
	.pub
	.vdw*
	.vdx*
	.vsd*
	.vsdm
	.vss*
	.vssm
	.vst*
	.vstm
	.vsx*
	.vtx*
	.wiz*
	.xla
	.xlam
	.xls
	.xlsb
	.xlsm
	.xlt
	.xltm

例 2. Linux

You can sign the following file types using these tools on Linux:

表 4. File types supported for signing on Linux

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Jsign (default)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.crx
	.dbx
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.ps1
	.psm1
	.stl
	.sys
	.vbs
	.vxd
	.wsf
	.xap
	.xlsm
	.xsn
osslsigncode	.exe
	.dll
	.sys
	.msi
	.msp
	.msm
	.ocx
	.cpl
	.arx
	.cbx
	.dbx
	.crx
	.drx
	.deploy

例 3. Mac

You can sign the following file types using these tools on Mac:

表 5. File types supported for signing on Mac

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Jsign (default)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.ps1
	.psm1
	.stl
	.sys
	.vbs
	.vxd
	.wsf
	.xap
	.xlsm
	.xsn
Codesign Provided as part of the macOS	.app
Codesign Provided as part of the macOS	.dmg
Productsign Provided as part of the macOS	.pkg

Download SMCTL

Sign in to DigiCert ONE.
Navigate to DigiCert® Software Trust Manager > Resources > Client tool repository.
Select your operating system.
Click the download icon next to Signing Manager Controller (SMCTL).

Set up environment variables

Follow the instructions in one of the following articles based on the operating system you will use to sign:

Verify connection

To verify that your client can properly authenticate to the DigiCert® Software Trust Manager service:

Open smctl.exe.
Run:
```
smctl healthcheck
```

Obtain latest versions of SMCTL and other client tools

Review the following table to understand how to obtain the latest version of SMCTL and other client tools:

表 6.

SMCTL or client tools	Sample command
SMCTL (with auth)	`curl -X GET -o C:\test\STM_DL/smtools-windows-x64.msi https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%"`
SMCTL (without auth)	`curl -X GET -o C:\test\STM_DL\smtools-windows-x64.msi https://one.digicert.com/signingmanager/api-ui/v1/releases/noauth/smtools-windows-x64.msi/download`
JCE	`curl -X GET -o C:\test\STM_DL\client-tools/digicert-jce-1.0.zip https://one.digicert.com/signingmanager/api-ui/v1/releases/noauth/digicert-jce-1.0.zip/download`

このセクションの内容: