Signing Manager Controller (SMCTL)

Signing Manager Controller (SMCTL) provides a Command Line Interface (CLI) that facilitates manual and automated private key management, certificate management, and signing with or without the need for human intervention.

SMCTL comes with a built-in help function and provides instructions on all commands and subcommands to assist users in the CTL tool.

SMCTL provides secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.

Prerequisites

Commands

To view all SMCTL commands:

smctl --help

smctl -h

Subcommands

These subcommands specify the actions you can apply to commands when using SMCTL.

All SMCTL commands begin with:

smctl <subcommand>

表 1. SMCTL のサブコマンド

ショートカット	サブコマンド	説明
cert	certificate	証明書を管理します。
creds	credentials	OS の資格情報ストアの DigiCert® Software Trust Manager 資格情報を管理します。
	gpg	GPG鍵ペアとキーリングを管理します。
	healthcheck	View and confirm the validity of the credentials and tools configured. For Windows and Linux, run: smctl healthcheck For macOS, run: ./smctl-mac-x64 healthcheck
	hsm	Manage HSMs mapped to your Software Trust Manager account.
kp	keypair	鍵ペアを管理します。
	logs	ログを管理します。
	manual	Signing Managerのコマンドラインインターフェイスの最新の man ページを生成します。デフォルトでは、現在のディレクトリの下の man-pages ディレクトリにマニュアルページファイルが作成されます。
	notarization	Manage notarizations for Apple binaries. This command is only available on macOS.
rel	release	リリースを管理します。
sc	scan	Manage scans powered by ReversingLabs.
	sign	署名、検証、削除を行います。
	user	ユーザーデータを取得します。
	windows	Windows OS特有のコマンド

Flags

Flags are used to modify the behavior of a subcommand by specifying parameters. Apply these flags to the subcommands above when using SMCTL.

表 2. Flags for SMCTL

Shortcut	Flag	Description
-v	--version	This flag displays the version of SMCTL.
Not applicable	--dir string	This flag specifies the directory where the man pages will be written, with the default being man-pages/. Format: --dir="<value>"
-h	--help	This flag displays help information for SMCTL.
Not applicable	--description	This flag: Sets the description for the signed content. Is only applicable when using Windows signtool. Maps to the /d flag in signtool.
Not applicable	--desc-url	This flag: Sets the URL for the description of the signed content. Is only applicable when using Windows signtool. Maps to the /du flag in signtool.

What signing tools can SMCTL integrate with?

SMCTL integrates with and enables secure hash-based signing with the following signing tools while maintaining key protection, permission-based access and reporting all signing activities:

例 1. Windows

You can sign the following file types using these tools on Windows:

表 3. File types supported for signing on Windows

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Mage	.application
	.manifest
	.vsto
Nuget	.nupkg
Signtool (64-bit)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.crx (only MS-DOS EXE package format)
	.dbx
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.psi
	.psm1
	.stl
	.sys
	.vbs
	.vsix
	.vxd
	.wsf
	.xap
	.xsn
Signtool (32-bit)	.doc
	.docm
	.dot
	.dotm
	.mpp
	.mpt
	.pot
	.potm
	.ppa
	.ppam
	.pps
	.ppsm
	.ppt
	.pptm
	.pub
	.vdw*
	.vdx*
	.vsd*
	.vsdm
	.vss*
	.vssm
	.vst*
	.vstm
	.vsx*
	.vtx*
	.wiz*
	.xla
	.xlam
	.xls
	.xlsb
	.xlsm
	.xlt
	.xltm

例 2. Linux

You can sign the following file types using these tools on Linux:

表 4. File types supported for signing on Linux

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Jsign (default)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.crx
	.dbx
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.ps1
	.psm1
	.stl
	.sys
	.vbs
	.vxd
	.wsf
	.xap
	.xlsm
	.xsn
osslsigncode	.exe
	.dll
	.sys
	.msi
	.msp
	.msm
	.ocx
	.cpl
	.arx
	.cbx
	.dbx
	.crx
	.drx
	.deploy

例 3. Mac

You can sign the following file types using these tools on Mac:

表 5. File types supported for signing on Mac

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Jsign (default)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.ps1
	.psm1
	.stl
	.sys
	.vbs
	.vxd
	.wsf
	.xap
	.xlsm
	.xsn
Codesign Provided as part of the macOS	.app
Codesign Provided as part of the macOS	.dmg
Productsign Provided as part of the macOS	.pkg

Download SMCTL

In the DigiCert® Software Trust Manager menu, go to Resources > Client tool repository.
Select your operating system.
Click the download icon next to Signing Manager Controller (SMCTL).

Set up environment variables

Follow the instructions in one of the following articles based on the operating system you will use to sign:

Verify connection

To verify that your client can properly authenticate to the DigiCert® Software Trust Manager service:

Open smctl.exe.
For Windows® and Linux®, run:
```
smctl healthcheck
```
For macOS, run:
```
./smctl-mac-x64 healthcheck
```

Obtain latest versions of SMCTL and other client tools

Review the following table to understand how to obtain the latest version of SMCTL and other client tools:

表 6.

SMCTL or client tools	Sample command
SMCTL (with auth)	`curl -X GET -o C:\test\STM_DL/smtools-windows-x64.msi https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%"`
SMCTL (without auth)	`curl -X GET -o C:\test\STM_DL\smtools-windows-x64.msi https://one.digicert.com/signingmanager/api-ui/v1/releases/noauth/smtools-windows-x64.msi/download`
JCE	`curl -X GET -o C:\test\STM_DL\client-tools/digicert-jce-1.0.zip https://one.digicert.com/signingmanager/api-ui/v1/releases/noauth/digicert-jce-1.0.zip/download`

このセクションの内容: