WinSignHelper Quickstart

What is WinSignHelper?

WinSignHelper is a GUI for osslsigncode. WinSignHelper makes it very easy to code sign Windows .exe and .dll files under Mac OS X with osslsigncode. A version of osslsigncode has to be installed. See instructions below how to install osslsigncode.

WinSignHelper was created to help Livecode developers to easily code sign their Windows standalones without the need of a Windows computer or virtual machine. Of course WinSignHelper can also be used with any standalone, not only with Livecode created ones.

How do i use WinSignHelper

Just drag a folder which contains your windows program files into the window of WinSignHelper. WinSignHelper will immediately start. If you’ve selected to make a backup copy of your folder first then WinSignHelper creates a backup and starts then to sign the files in the original folder. The user will be informed about the result of the signing.

How do i install osslsigncode?

The easiest way to install osslsigncode is to use HomeBrew.

If Homebrew is not installed then you have to first install Homebrew. If Homebrew is already installed on your system then jump directly to step 3.

  1. open Terminal
  2. in Terminal run the following command and wait for the command to finish
    ruby -e "$(curl -fsSL“
  3. Now run the following command in Terminal
    brew install osslsigncode

Setting the CodeSign preferences

There are some settings you have to set in WinSignHelper before you can use it.

The following settings are available

  1. The path to the osslsigncode executable.  (required)
    default: /usr/local/Cellar/osslsigncode/1.7.1/bin/osslsigncode
    At the time of writing the current version of osslsigncode was 1.7.1.
    When changing the path to osslsigncode the answer dialog opens with the folder /usr/local/bin. If osslsigncode was correctly installed then you should find a link file osslsigncode in the file list which you should select. Selecting that should put the correct path to the executable osslsigncode.
  2. The path to the p12/pfx certificate             (required)
  3. Password of the certificate.                       (optional)
    If not set, then the user has to enter the password when the signing process starts
  4. Hash algorithm, default: SHA256
    Select between SHA256, SHA1 and Dual signing SHA1 + SHA256. Dual signing might be useful if you want to sign your files  older Windows version like Windows XP.
  5. The URL of the timestamp server for SHA256
  6. The URL of the timestamp server for SHA1
  7. Select if you want to make a backup copy of the folder before signing. A not successful sign process might result in a defective or deleted file. So making a backup before signing might be a good idea.
    default: Yes
  8. Select if you want WinSignHelper to play a notification sound when the signing process has successfully finished or when an error occured.
    default is "checked"

    The 3 buttons have the following functions:

  9. Reset to  default values
  10. Save the current settings permanently to disk.
  11. Close preferences

Some really important notes:

  1. The Windows files need to have read and write permissions. Otherwise signing is not possible. The created Livecode standalone (.exe) has the correct permissions, but not the externals (.dll). They are write protected. Therefore WinSignHelper needs to change the file permission for each file before it is signed. WinSignHelper uses the shell command chmod. The permissions are set to 666 which is equivalent to -rw-rw-rw-.
  2. An unsuccessful signing of a file will delete the file. So better make a backup of the folder either manually or let WinSignHelper do a backup for you automatically before signing.