Sealing

Code signing, compiling with metadata

Signing Binaries with Self-Signed Certificates
Including Icons and Property Metadata

Signing Binaries with Self-Signed Certificates

Osslsigncode can be used to sign binaries on Linux with X509 certificates.

The following codeblock shows installing osslsigncode on a Linux machine, generating a self-signed certificate, and signing where the password 'bunny' has been used when creating the p12 certificate store.

#Download Sign code
apt install osslsigncode

#Generate the key/cert
openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes

#Generate a p12
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem

#Sign the binary
osslsigncode sign -pkcs12 keyStore.p12 -in nc.exe -out nc-signed.exe -pass 'bunny'

Including Icons and Property Metadata

Resource files can be used to include both icons and populate property data in the binary.