I’ve managed to perform a code signing operation using signtool with a test key I generated on a SmartCard-HSM. Here is what I did:
- Generate an RSA 2048 key pair and a certificate with extended key usage id-kp-codeSigning.
- Run certutil -scinfo to display the certificate
- Select “Import” in the certificate details view
- Verify that the certificate shows up in certmgr.msc
- Use signtool filetosign.exe
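
The signing step from the list above, written out as a PowerShell script. This is an added example, not part of the original post. It assumes signtool.exe is on PATH, that the import placed the certificate in the current user's Personal store, and that the card is inserted; the parameter name `$FileToSign` is hypothetical.

```powershell
# Added example. Assumptions: signtool.exe is on PATH, the certificate from the
# card was imported into Cert:\CurrentUser\My, and the card is inserted.
param(
    [string]$FileToSign = '.\filetosign.exe'   # file name as used in the post
)

# -CodeSigningCert keeps only certificates whose EKU allows code signing
# (id-kp-codeSigning). Also require a linked private key and an unexpired cert.
$candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) })

if ($candidates.Count -eq 0) {
    throw 'No unexpired code-signing certificate with a linked private key found.'
}
if ($candidates.Count -gt 1) {
    # Refuse to guess: signing with the wrong key is worse than not signing.
    $candidates | Format-Table Thumbprint, Subject, NotAfter | Out-String | Write-Host
    throw 'Several candidates found; remove the extras or select one by thumbprint.'
}
$cert = $candidates[0]
Write-Host "Signing with $($cert.Subject) [$($cert.Thumbprint)]"

# /sha1 pins the signing certificate by thumbprint, so signtool cannot fall back
# to another certificate in the store. /fd SHA256 sets the file digest algorithm.
# The smart card provider prompts for the PIN at this point.
& signtool.exe sign /sha1 $cert.Thumbprint /fd SHA256 /v $FileToSign
if ($LASTEXITCODE -ne 0) {
    throw "signtool sign failed with exit code $LASTEXITCODE"
}

# Read the signature back and confirm it was made with the expected certificate.
$sig = Get-AuthenticodeSignature -FilePath $FileToSign
if ($null -eq $sig.SignerCertificate -or
    $sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw 'File is not signed by the expected certificate.'
}

# With a test certificate whose issuer is not in a trusted root store, Status
# reports the chain problem rather than Valid; the signature is still present.
Write-Host "Signature status: $($sig.Status) - $($sig.StatusMessage)"
```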