How to sign EXE using signtool with Verisign SPC and PVK on the command line？

run “signtool signwizard” to start the signing wizard.

1. File Selection: Choose the EXE you wish to sign (ie, yaosansi.com.exe)
2. Signing Options: Choose “Custom”
3. Signature Certificate: Click “Select from File” and choose “mycredentials.spc”
4. Private Key: Select “Private key file on disk” and choose “myprivatekey.pvk”
   • Leave CSP at “Microsoft Strong Cryptographic Provider”
   • Leave Provider Type at “RSA FULL”
5. Private Key Password: Enter “xxxxxxxxxx”
6. Hash Algorithm: Leave it at ‘sha1’
7. Additional Certificates:
   • Leave it at “All certificates in the certification path, including the root”
   • Leave it at “No additional certificates”
8. Data Description: Enter the following:
   • Description:yaosansi.com
   • Web Location: http://www.yaosansi.com

9. Digital Signature Wizard:

   • Enable “Add a timestamp to the data”

   • Timestamp service URL: http://timestamp.verisign.com/scripts/timstamp.dll
     这里还有两个免费的时间戳服务器

     a.http://timestamp.wosign.com/timestamp
     b.http://timestamp.comodoca.com/authenticode

     Note: This enables the signature to work forever; not sure what this means but the Verisign guy was pretty excited about it

10. Review and click OK
11. Enter private key password: Enter “xxxxxxxxxxx”
12. Done!