Code sign your EXE file (digital signature)

 


When you digitally sign a compiled workbook EXE file (this is called code signing), you assure end users that the code within the EXE file they receive has not been tampered with or altered. Digital signing is based on Microsoft Authenticode® technology. This enables end users and the operating system to verify that program code comes from the rightful owner.

XLS Padlock handles the signing process itself, so signing your .exe files is easy.

If you plan to distribute your EXE files on the Internet, code signing is strongly recommended. With a signed EXE file, web browsers and Windows will not show “Unidentified Publisher” warnings (see screenshot below), and this will also help to avoid false positives from antivirus programs.

Steps to apply a digital signature to the EXE file

You have to obtain a valid code signing certificate from a certificate authority (CA), a third party trusted by the industry, akin to a notary who handles electronic IDs. Comodo and Verisign are two examples of CAs.

You can digitally sign your .EXE only if you have received your Personal Information Exchange file (PFX or P12) from a Certificate Authority.

In order to sign the package .EXE file, XLS Padlock requires the location of your code signing certificate. It can be stored in an external file (.PFX) or in the Windows Certificate Store (Local Computer, Personal section). You must select the certificate’s location, and provide either the path to the PFX file, the certificate’s subject name, or the certificate’s thumbprint.

The Information URL is embedded in your digital signature. It links to a location you would like end users to visit in order to learn more about your workbook or company.

Click Sign EXE File now to code sign the protected workbook. Alternatively, if you want to automate this, you can enable “Automatically sign my EXE file” and XLS Padlock will do it for you when compiling the application.

Signatures with SHA-256 and SHA-1 digests

It is now recommended to use signatures with an SHA-256 instead of an SHA-1 message digest. However, old Windows versions such as Vista or XP do not recognize SHA-256 signatures. In that situation, it is possible to add two signatures to the .EXE file: this is called “dual code signing”.

By default, XLS Padlock will work with “dual code signing” if it is run on Windows 8 or later. On Windows 7, an SHA-256 signature is used by default and on previous Windows versions, an SHA-1 signature.
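
To check which digest a signed EXE file actually carries, the Authenticode data can be read straight from the PE certificate table. The following is an added example, not part of XLS Padlock; the function names are hypothetical, and it assumes the second signature of a dual-signed file is stored as a nested-signature attribute (OID 1.3.6.1.4.1.311.2.4.1) inside the primary signature.

```python
import struct
SHA1 = bytes.fromhex("2b0e03021a")                  # OID 1.3.14.3.2.26
SHA256 = bytes.fromhex("608648016503040201")        # OID 2.16.840.1.101.3.4.2.1
NESTED = bytes.fromhex("060a2b060104018237020401")  # DER OID 1.3.6.1.4.1.311.2.4.1 (assumed marker)
DIGESTS = {SHA1: "SHA-1", SHA256: "SHA-256"}

def der(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def primary_digest(pkcs7):
    """Name the first algorithm listed in SignedData.digestAlgorithms."""
    _, p, _ = der(pkcs7, 0)                # ContentInfo SEQUENCE
    _, _, p = der(pkcs7, p)                # skip contentType OID (signedData)
    _, p, _ = der(pkcs7, p)                # [0] EXPLICIT wrapper
    _, p, _ = der(pkcs7, p)                # SignedData SEQUENCE
    _, _, p = der(pkcs7, p)                # skip version INTEGER
    _, p, _ = der(pkcs7, p)                # digestAlgorithms SET
    _, p, _ = der(pkcs7, p)                # AlgorithmIdentifier SEQUENCE
    _, s, e = der(pkcs7, p)                # algorithm OID
    return DIGESTS.get(bytes(pkcs7[s:e]), "other")

def authenticode_signatures(pe):
    """Return [(primary digest, has nested signature)] per PKCS#7 entry; [] means unsigned."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                    # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: certificate table, file offset
    found, end = [], off + size
    while off and off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8:
            break
        blob = pe[off + 8:off + length]
        if ctype == 0x0002:                # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            found.append((primary_digest(blob), NESTED in blob))  # byte scan is a heuristic
        off += (length + 7) & ~7           # entries are 8-byte aligned
    return found

if __name__ == "__main__":
    import sys
    print(authenticode_signatures(open(sys.argv[1], "rb").read()))
```

This only inspects the structure of the signature; it does not validate the certificate chain or the file hash, which Windows does when it verifies the file.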

 

If an error occurs while performing code signing, you can look into the compilation log (a file named <your workbook filename>.xplcompil.log).


Copyright © 2021 G.D.G. Software