Signing a Windows app
Code signing is a security technology that you use to certify that an app was created by you.
Starting June 1, 2023 at 00:00 UTC, private keys for code signing certificates need to be stored on a hardware storage module compliant with FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent.
In practice, this means that software-based OV certificates used in the steps below will no longer be available for purchase. For instructions on how to sign applications with newer token-based certificates, consult your Certificate Authority's documentation.
Prerequisites
Installing Visual Studio
On Windows, apps are signed using Sign Tool, which is included in Visual Studio. Install Visual Studio to get the signing utility (the free Community Edition is enough).
Acquiring a certificate
You can get a Windows Authenticode code signing certificate from many vendors. Prices vary, so it may be worth your time to shop around. Popular vendors include:
- DigiCert
- Sectigo
Amongst others, please shop around to find one that suits your needs! 😄
Keep your certificate password private
Your certificate password should be a secret. Do not share it publicly or commit it to your source code.
Configuring Electron Forge
On Windows, Electron apps are signed at the installer level during the Make step.
Once you have a Personal Information Exchange (.pfx) file for your certificate, you can sign Squirrel.Windows and MSI installers in Electron Forge with the certificateFile and certificatePassword fields in their respective configuration objects.
For example, if you are creating a Squirrel.Windows installer:
```javascript
module.exports = {
  packagerConfig: {},
  makers: [
    {
      name: '@electron-forge/maker-squirrel',
      config: {
        certificateFile: './cert.pfx',
        // Read the password from the environment so it never lands in source control
        certificatePassword: process.env.CERTIFICATE_PASSWORD
      }
    }
  ]
};
```
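The following is an added example, not part of the Electron Forge documentation. It builds the same signing fields for both the Squirrel.Windows and MSI makers from the environment, stops if the password is missing, and includes a small check that flags a password written as a string literal in a config file. The helper names, the WINDOWS_CERTIFICATE_FILE variable, and the sample config text are assumptions made for illustration.

```javascript
// Added example (not Electron Forge's own code).
// CERTIFICATE_PASSWORD is the variable used on this page;
// WINDOWS_CERTIFICATE_FILE is an assumed, optional override for the .pfx path.
function windowsSigningConfig(env) {
  const certificateFile = env.WINDOWS_CERTIFICATE_FILE || './cert.pfx';
  const certificatePassword = env.CERTIFICATE_PASSWORD;
  if (!certificatePassword) {
    // Stop before the Make step rather than passing an undefined password along.
    throw new Error('CERTIFICATE_PASSWORD is not set');
  }
  return { certificateFile, certificatePassword };
}

// Same certificate fields for the Squirrel.Windows maker and the MSI (WiX) maker.
function buildMakers(env) {
  const signing = windowsSigningConfig(env);
  return [
    { name: '@electron-forge/maker-squirrel', config: { ...signing } },
    { name: '@electron-forge/maker-wix', config: { ...signing } }
  ];
}

// Returns the 1-based line numbers where certificatePassword is followed by a
// quoted string literal, i.e. a secret committed to source.
function findHardcodedPasswords(source) {
  const findings = [];
  source.split('\n').forEach((line, index) => {
    if (/certificatePassword\s*:\s*['"]/.test(line)) findings.push(index + 1);
  });
  return findings;
}

// Constructed sample of a config that should be rejected in review or CI.
const SAMPLE_BAD_CONFIG = [
  'config: {',
  "  certificateFile: './cert.pfx',",
  "  certificatePassword: 'constructed-example-secret'",
  '}'
].join('\n');

// In forge.config.js this would be used as:
//   module.exports = { packagerConfig: {}, makers: buildMakers(process.env) };
```
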