Sign a Windows 10 app package

App package signing is a required step in the process of creating a Windows 10 app package that can be deployed. Windows 10 requires all applications to be signed with a valid code signing certificate.

To successfully install a Windows 10 application, the package must not only be signed but also be trusted on the device. This means that the signing certificate has to chain to one of the trusted roots on the device. By default, Windows 10 trusts certificates from most of the certificate authorities that provide code signing certificates.

| Topic | Description |
|---|---|
| Prerequisites for signing | This section discusses the prerequisites required to sign the Windows 10 app package. |
| Using SignTool | This section discusses how to use SignTool from the Windows 10 SDK to sign the app package. |
| Sign an MSIX package with Device Guard signing | This section discusses how to sign your app with Device Guard signing. |

Timestamping

It is highly recommended that timestamping is used when signing your app with a certificate. Timestamping preserves the signature, allowing the app package to be accepted by the app deployment platform even after the certificate has expired. At package inspection time, the timestamp allows the package signature to be validated with respect to the time it was signed, so the package is still accepted after the certificate is no longer valid. Packages that are not timestamped are evaluated against the current time, and if the certificate is no longer valid, Windows will not accept the package.

The following are the different scenarios around app signing with and without timestamping:

| | App is signed without timestamping | App is signed with timestamping |
|---|---|---|
| Certificate is valid | App will install | App will install |
| Certificate is invalid (expired) | App will fail to install | App will install, as the authenticity of the certificate was verified at signing time by the timestamping authority |

Note

If the app is successfully installed on a device, it will continue to run even after the certificate expires, regardless of whether it was timestamped.
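The following PowerShell script is an added example, not code from the original page or from Microsoft; it shows the signing and verification procedure the sections above describe. It signs a package with SignTool from the Windows 10 SDK using an RFC 3161 timestamp, then reads the resulting signature back with Get-AuthenticodeSignature so you can confirm two things before deploying: that the signature chains to a trusted root on this device (Status is Valid) and that a timestamp counter-signature is present, which is what keeps the package installable after the certificate expires. The package path, PFX path and timestamp server URL are placeholders; SignTool's /fd, /f, /p, /tr and /td switches are real SDK switches.

```powershell
# Added example (not from the original page): sign an MSIX/APPX package with a
# timestamp and check the result. Replace the placeholder paths and URL.
param(
    [string]$Package      = '.\MyApp_1.0.0.0_x64.msix',     # package to sign (placeholder)
    [string]$PfxPath      = '.\codesign.pfx',               # code signing certificate (placeholder)
    [string]$TimestampUrl = 'http://timestamp.example.test' # RFC 3161 timestamp authority (placeholder)
)

# Prompt for the PFX password instead of hard-coding it in the script.
$securePassword = Read-Host -Prompt 'PFX password' -AsSecureString
$plainPassword  = [System.Net.NetworkCredential]::new('', $securePassword).Password

# /fd SHA256 sets the file digest algorithm (required for app packages).
# /tr and /td request an RFC 3161 timestamp and set its digest algorithm.
& signtool.exe sign /fd SHA256 /f $PfxPath /p $plainPassword /tr $TimestampUrl /td SHA256 $Package
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Summarise the signature: trust chain status, signer, expiry and timestamp presence.
function Test-PackageSignature {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Status        = $sig.Status                              # 'Valid' only if it chains to a trusted root here
        Signer        = $sig.SignerCertificate.Subject
        NotAfter      = $sig.SignerCertificate.NotAfter          # certificate expiry
        Timestamped   = ($null -ne $sig.TimeStamperCertificate)  # $false means install breaks at NotAfter
        TimestampedBy = $sig.TimeStamperCertificate.Subject
    }
}

$result = Test-PackageSignature -Path $Package
$result | Format-List

if ($result.Status -ne 'Valid') {
    Write-Warning "Signature status is $($result.Status): the certificate does not chain to a trusted root on this device."
}
if (-not $result.Timestamped) {
    Write-Warning "Package is not timestamped and will stop installing after $($result.NotAfter)."
}
```

The same checks can be made with `signtool.exe verify /pa /v <package>`, which prints the full chain and the timestamp; the script above is useful when you want the result as an object, for example to gate a build pipeline on `Timestamped -eq $true`.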

Device mode

Windows 10 allows users to select the mode in which their device runs in the Settings app. The modes are Microsoft Store apps, Sideload apps, and Developer mode.

Microsoft Store apps is the most secure mode, because it only allows the installation of apps from the Microsoft Store. Apps in the Microsoft Store go through a certification process to ensure that they are safe for use.

Sideload apps and Developer mode are more permissive: they accept apps signed by other certificates, as long as those certificates are trusted and chain to one of the trusted roots on the device. Only select Developer mode if you are a developer building or debugging Windows 10 apps. More information about Developer mode and what it provides can be found here.
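As an added example (not from the original page), the following PowerShell functions report which of the three modes a machine is in and, if required, return it to the Store-only mode. The Settings page records the choice under the AppModelUnlock registry key: AllowAllTrustedApps enables sideloading and AllowDevelopmentWithoutDevLicense enables Developer mode. The key path and value names are real; the mapping of their combinations to the mode names in the Settings UI is my assumption, and the reset function must be run from an elevated prompt.

```powershell
# Added example (not from the original page): inspect and, optionally, tighten
# the Windows 10 device mode described in the Settings app.
$AppModelUnlockKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'

function Get-AppInstallMode {
    # Returns 'Microsoft Store apps', 'Sideload apps' or 'Developer mode'.
    $p = Get-ItemProperty -Path $AppModelUnlockKey -ErrorAction SilentlyContinue
    $sideload = ($p.AllowAllTrustedApps -eq 1)
    $dev      = ($p.AllowDevelopmentWithoutDevLicense -eq 1)
    if ($dev)      { return 'Developer mode' }   # assumption: Developer mode also sets AllowAllTrustedApps
    if ($sideload) { return 'Sideload apps' }
    return 'Microsoft Store apps'
}

function Set-StoreOnlyAppInstallMode {
    # Resets both values to 0 so only Microsoft Store apps can be installed.
    # Requires administrator rights; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $AppModelUnlockKey)) {
        New-Item -Path $AppModelUnlockKey -Force | Out-Null
    }
    foreach ($name in 'AllowAllTrustedApps', 'AllowDevelopmentWithoutDevLicense') {
        if ($PSCmdlet.ShouldProcess("$AppModelUnlockKey\$name", 'Set to 0')) {
            Set-ItemProperty -Path $AppModelUnlockKey -Name $name -Value 0 -Type DWord
        }
    }
}

$mode = Get-AppInstallMode
Write-Output "Current device mode: $mode"
if ($mode -eq 'Developer mode') {
    Write-Warning 'Developer mode is enabled; leave it on only for machines used to build or debug apps.'
}
```

Run `Get-AppInstallMode` on its own to audit a machine, and `Set-StoreOnlyAppInstallMode -WhatIf` first to see which values would change before applying it.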