We currently have a fully automated process to generate installers from source code using ANT.
We create files of the following types:
- JAR
- EXE
- DLL
- MSI
- APP files for the Mac OS X version.
Each one of the files is digitally signed, but the digital certificate is stored in the required format of each tool.
For example: jarsigner uses JSR files, signtool uses the digital certificates repository in the Control Panel, and codesign uses the similar repository on the Mac. We created a PKCS12 to import our certificate on every other required container.
Now we plan to shift up and use an EV certificate for code signing that is stored in a hardware token connected via USB to the computer. The challenge is to integrate the hardware token with all signing tools from different vendors and use it in a batch mode so we don't need to type a password for every file to be signed (we can sign up to 2,000 files in one batch).
I am searching for a solution that shows it can handle all requirements. I've found no solution yet.