Signs the specified file using the specified certificate.
The following table describes the parameters of the
Note that SHA-256 certificates are allowed only on machines that have .NET 4.5 and higher.
Starting in Visual Studio 2013 Update 3, this task has a new signature that allows you to specify the target framework version for the file. You are encouraged to use the new signature wherever possible, because the MSBuild process uses SHA-256 hashes only when the target framework is .NET 4.5 or higher. If the target framework is .NET 4.0 or below, the SHA-256 hash will not be used.
Specifies the certificate to use for signing. This certificate must be in the current user's personal store.
||Required ITaskItem parameter.
Specifies the files to sign with the certificate.
Specifies the URL of a time stamping server.
||The version of the .NET Framework that is used for the target.|
The following example uses the
SignFile task to sign the files specified in the
FilesToSign item collection with the certificate specified by the
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup> <FileToSign Include="File.exe" /> </ItemGroup> <PropertyGroup> <Certificate>Cert.cer</Certificate> </PropertyGroup> <Target Name="Sign"> <SignFile CertificateThumbprint="$(CertificateThumbprint)" SigningTarget="@(FileToSign)" TargetFrameworkVersion="v4.5" /> </Target> </Project>
The certificate thumbprint is the SHA-1 hash of the certificate. For more information, see Obtain the SHA-1 hash of a trusted root CA certificate. If you copy and paste the thumbprint from the certificate details, make sure you do not include the extra (3F) invisible character, which may prevent
SignFile from finding the certificate.