How to sign your app
Use Microsoft's SignTool to sign your app.
You download it as part of the Windows SDK. Note that it's also possible to install SignTool without installing the entire SDK. Once installed you can use SignTool from the command line like so:
signtool sign /a /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyFile.exe
This will sign MyFile.exe. Explanation of the used command line options:
/a will automatically use the certificate that is valid for the longest time. If you have no certificate, SignTool will display an error.
/fd SHA256 will use the SHA-256 digest algorithm for the file signature. Using SHA256 is recommended and considered to be more secure than the default SHA1 digest algorithm.
/tr http://timestamp.digicert.com adds a timestamp to your signed apps. This is extremely important because this will allow the signature to remain valid even after the certificate itself has already expired. The argument for the /tr option is a timestamp URL. You can use any of the timestamp URL's from this list of free RFC 3161 timestamp servers.
/td SHA256 will use the SHA-256 digest algorithm for the timestamp signature. As before, using SHA256 is recommended and considered to be more secure.
How and when to use self-signed certificates
If you'd like to get a hold of a certificate that you can use to test your process of signing the executable, you can use MakeCert to create a self-signed certificate.
Once you've created your own certificate and have used it to sign your executable, you'll need to manually add it as a Trusted Root CA for your machine in order for [UAC](https://en.wik
(Réponse tronquée)
