How to install SignTool.exe for Windows 10

You need to install the Windows 10 SDK.

1. Visual Studio 2015 Update 1 contains it already, but it is not installed by default. You should go to Control Panel -> Programs and Features, find Microsoft Visual Studio 2015 and select "Change".

Visual Studio 2015 setup will start. Select "Modify".

In Visual Studio components list find "Universal Windows App Development Tools", open the list of sub-items and select "Windows 10 SDK (10.0.10240)".

Windows 10 SDK in VS 2015 Update 1 Setup

2. Of cause you can install Windows 10 SDK directly from Microsoft: https://go.microsoft.com/fwlink/?LinkID=698771

As josant already wrote - when the installation finishes you will find the SignTool.exe in the folders:

• x86 -> c:\Program Files (x86)\Windows Kits\10\bin\x86
• x64 -> c:\Program Files (x86)\Windows Kits\10\bin\x64\

If you only want SignTool and really want to minimize the install, here is a way that I just reverse-engineered my way to:

1. Download the .iso file from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk (current download link is http://go.microsoft.com/fwlink/p/?LinkID=2022797) The .exe download will not work, since it's an online installer that pulls down its dependencies at runtime.
2. Unpack the .iso with a tool such as 7-zip.
3. Install the Installers/Windows SDK Signing Tools-x86_en-us.msi file - it's only 388 KiB large. For reference, it pulls in its files from the following .cab files, so these are also needed for a standalone install:
   • 4c3ef4b2b1dc72149f979f4243d2accf.cab (339 KiB)
   • 685f3d4691f444bc382762d603a99afc.cab (1002 KiB)
   • e5c4b31ff9997ac5603f4f28cd7df602.cab (389 KiB)
   • e98fa5eb5fee6ce17a7a69d585870b7c.cab (1.2 MiB)

There we go - you will now have the signtool.exe file and companions in C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64 (replace x64 with x86, arm or arm64 if you need it for another CPU architecture.)

It is also possible to commit signtool.exe and the other files from this folder into your version control repository if want to use it in e.g. CI scenarios. I have tried it and it seems to work fine.

(All files are probably not necessary since there are also some other .exe tools in this folder that might be responsible for these dependencies, but I am not sure which ones could be removed to make the set of files even smaller. Someone else is free to investigate further in this area. :) I tried to just copy signtool.* and that didn't work, so at least some of the other files are needed.)

It's 2019 now :) For anyone wondering, here's where you'll find it:

C:\Program Files (x86)\Windows Kits\10\App Certification Kit

Screenshot:

Edit: Still in the same place in 2020.

As per the comments in the question... On Windows 10 Signtool.exe and other SDK tools have been moved into "%programfiles(x86)%\Windows Kits\".

Typical path to signtool on Windows 10.

• 32 bit = "c:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe"
• 64 bit = "c:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe"

Tools for SDK 8.0 and 8.1 also reside in the "Windows Kits" folder.

Best solution end of 2020:

Just download Windows 10 SDK from Microsoft here:
https://go.microsoft.com/fwlink/?LinkID=698771

In setup, choose only Windows App Certification App (it's only 120 MB)

You can find signtool.exe here:
%PROGRAMFILES(X86)%\Windows Kits\10\bin\x64

Cheers!

Location:

C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe

April 28th 2020

I found it here:

C:\Program Files (x86)\Windows Kits\10\App Certification Kit

Another answer from 2021.

You might not need Windows SDK at all. If you have VS-2019 installed, you might already have signtool in C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe

NOTE: The good thing about this particular signtool version (compared to the Windows SDK one), is that it's self-contained, and does not need all the dll's next to it (mssign32.dll, wintrust.dll etc, which usually lie around in Windows SDK folders).

You can even add this file to your source code repo (just one file), since this tool hasn't changed since 2016.

P.S. I had this signtool even without "ClickOnce publishing" component installed in my Visual Studio Community Edition.

In 2019, this is a quite recent link from Microsoft about how to obtain this tool:

The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. For information about why signing files is important, see Introduction to Code Signing. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.

SignTool is available as part of the Windows SDK, which you can download from https://go.microsoft.com/fwlink/p/?linkid=84091.

I only needed signtool, so I chose the minimal I came up with and signtool.exe is now in C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe

Microsoft article link: https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool

to install just the signingtools from the winsdksetup.exe (available at the same url as the windows sdk iso mentioned above) this is an option to, straight from the Dockerfile i'm working in: RUN powershell Start-Process winsdksetup.exe -ArgumentList '/features OptionId.SigningTools', '/q', '/ceip off', '/norestart', -NoNewWindow -Wait

so if you're in windows then that'd be: winsdksetup.exe /features OptionId.SigningTools

winsdksetup /h gives you the options, so i won't summarise them here. I include the dockerfile snippet, as that is what i started my day looking for the solution for.

If you're using VS Express 2015, just go to your control panel --> programs and features --> select vs 2015 --> click change, then in the VS Express installer select 'Modify' --> select Publishing tools, and finish. Once setup completes the changes you will be able to create your installer.

You should go to Control Panel -> Programs and Features, find Microsoft Visual Studio 2015 and select "Change". Visual Studio 2015 setup will start. Select "Modify".

In Visual Studio components list, open the list of sub-items and select "ClickOnce Publication Tools" and "Windows 10 SDK" too.

I did a modify with the Visual Studio from Control Panel, Programs and Features. The SDK was not at first apparent so I installed the Common Tools which lo and behold did include the SDK Update 3.

It's available many, many places, depending upon what is installed: On my box, every one except the v6.0A SDK version supports the /fd option.

SignTool is available as part of the Windows SDK (which comes with Visual Studio Community 2015). Make sure to select the "ClickOnce Publishing Tools" from the feature list during the installation of Visual Studio 2015 to get the SignTool.

Once Visual Studio is installed you can run the signtool command from the Visual Studio Command Prompt.

By default (on Windows 10) the SignTool will be installed in:

• C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe

For me in 2021 the signtool.exe was here: "C:\Program Files (x86)\Windows Kits\10\bin\x64" or in: x86

and not under: C:\Program Files (x86)\Windows Kits\10\App Certification Kit even if I have this folder and may files in it.