Sealing
Code signing, compiling with metadata
Signing Binaries with Self-Signed Certificates
Osslsigncode can be used to sign binaries on Linux with X509 certificates.
The following codeblock shows installing osslsigncode
on a Linux machine, generating a self-signed certificate, and signing where the password 'bunny' has been used when creating the p12 certificate store.
#Download Sign code
apt install osslsigncode
#Generate the key/cert
openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes
#Generate a p12
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem
#Sign the binary
osslsigncode sign -pkcs12 keyStore.p12 -in nc.exe -out nc-signed.exe -pass 'bunny'
Including Icons and Property Metadata
Resource files can be used to include both icons and populate property data in the binary.