Sign Windows executables from Windows or MacOS
Last updated 4 years ago by develar .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install signcode-tf 
SYNC missed versions from official npm registry.


Travis Build Status js-standard-style npm downloads

Sign Windows executables and installers from a Mac.

Works with .pem, .p12, and .pfx code signing files.

Signs with sha1 and sha256 signatures by default.


npm install --save-dev signcode


var signcode = require('signcode')

var options = {
  cert: '/Users/kevin/certs/cert.pem',
  key: '/Users/kevin/certs/key.pem',
  overwrite: true,
  path: '/Users/kevin/apps/myapp.exe'

signcode.sign(options, function (error) {
  if (error) {
    console.error('Signing failed', error.message)
  } else {
    console.log(options.path + ' is now signed')


Name Type Required Description
cert String Yes Path to a certificate file.
path String Yes File path to executable to sign.
hash Array No Signature types to sign the executable with. Defaults to ['sha1', 'sha256'].
key String No Path to a .pem key file. Only required if cert is a .pem file.
name String No Product name to include in the signature.
overwrite Boolean No true to sign the executable in place, false to write the signed file at the same path but with -signed at the end of it. Defaults to false.
password String No Password to the certificate or key.
passwordPath String No Path to a file containing the password for the certificate or key.
site String No Website URL to include in the signature.
signcodePath String No path to tool used for signing. Default to bundled tool.

Command Line

signcode /Users/kevin/apps/myapp.exe \
  --cert /Users/kevin/certs/cert.p12 \
  --prompt \
  --name 'My App' \
  --url ''

Run signcode -h to see all the supported options.

Cert helpers commands

These commands are helpful when working with certificates.

Create cert and key with no password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes

Create cert and key with a password

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem

Create a p12 with no password

openssl pkcs12 -export -out ./test/fixtures/cert.p12 -inkey ./test/fixtures/key.pem -in ./test/fixtures/cert.pem

Show fingerprint of a cert

openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha1
openssl x509 -noout -in ./test/fixtures/cert.pem -fingerprint -sha256

Current Tags

  • 0.7.5                                ...           latest (4 years ago)

10 Versions

  • 0.7.5                                ...           4 years ago
  • 0.7.3                                ...           4 years ago
  • 0.7.2                                ...           4 years ago
  • 0.7.1                                ...           4 years ago
  • 0.7.0                                ...           4 years ago
  • 0.6.3                                ...           4 years ago
  • 0.6.2                                ...           4 years ago
  • 0.6.1                                ...           4 years ago
  • 0.6.0                                ...           4 years ago
  • 0.5.0                                ...           4 years ago
Maintainers (1)
Today 0
This Week 2
This Month 20
Last Day 0
Last Week 18
Last Month 70
Dependencies (2)
Dev Dependencies (3)

Copyright 2014 - 2016 © |