No Longer the Unidentified Publisher

Every program is checked for a digital signature before it runs, and if no valid signature is present a security warning dialog (Screenshot2) appears. To me, that just looks a bit unprofessional. That's not what I want. I don't want to be the Unidentified Publisher. I don't want my customer to get the advice "Don't run the program unless you know where it's from or you've used it before". What I want is to assure the integrity and authorship of my app (Screenshot1). So I have to sign it.

To sign files you need two things: a program to perform the signing operation and a code-signing certificate from a trusted CA vendor such as Thawte, Verisign or others. On Windows platforms you can use a tool named Signtool.exe, which ships with the MS Platform SDK (VS2008 Team Edition includes the latest Platform SDK). To perform the signing operation, type the following command into the cmd shell:

Signtool sign /f codesigncertificate.pfx /p <certificatepassword> /t <url_to_timestamp_server> <all_your_files_to_sign_in_one_line>

 
That's it, but only if you want to sign your files manually.
If you are a strong proponent of one-step automated builds (like us), you can wrap it up in an MSBuild Exec task.

 

<Exec Command="signtool.exe sign /f $(codesigncertificate) /p $(certificatepassword) /t $(url_to_timestamp_server) @(files_to_sign, ' ')"/>
 
Now you are no longer the Unidentified Publisher.
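
An added example, not from the original post: a complete MSBuild project around the Exec task above that refuses to sign unless the certificate password is supplied at build time (so it never lives in the project file), then runs `signtool verify /pa` so the build fails if any file did not end up with a valid signature. The target name, file globs, error text and timestamp placeholder are assumptions; the property and item names are the ones used in the Exec task above.

```xml
<Project DefaultTargets="SignAndVerify"
         xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <PropertyGroup>
    <!-- Assumed path; point this at your own .pfx file. -->
    <codesigncertificate>codesigncertificate.pfx</codesigncertificate>
    <!-- Placeholder, not a real service: use your CA's timestamp URL. -->
    <url_to_timestamp_server>http://timestamp.example.invalid</url_to_timestamp_server>
    <!-- certificatepassword is deliberately NOT defined here. Pass it as
         /p:certificatepassword=... or set it as an environment variable on
         the build machine; MSBuild exposes environment variables as
         properties. -->
  </PropertyGroup>

  <ItemGroup>
    <!-- Assumed output layout; list every binary you ship. -->
    <files_to_sign Include="bin\Release\*.exe;bin\Release\*.dll" />
  </ItemGroup>

  <Target Name="SignAndVerify">
    <!-- Stop early with a clear message instead of a signtool failure. -->
    <Error Condition="'$(certificatepassword)' == ''"
           Text="certificatepassword was not supplied; refusing to sign." />
    <Error Condition="'@(files_to_sign)' == ''"
           Text="No files matched files_to_sign; nothing would be signed." />

    <!-- Sign all files in one call; each path is quoted to survive spaces. -->
    <Exec Command="signtool.exe sign /f &quot;$(codesigncertificate)&quot; /p &quot;$(certificatepassword)&quot; /t $(url_to_timestamp_server) @(files_to_sign->'&quot;%(FullPath)&quot;', ' ')" />

    <!-- Verify with the default Authenticode policy (/pa). A non-zero exit
         code from signtool makes Exec fail, which fails the build. -->
    <Exec Command="signtool.exe verify /pa @(files_to_sign->'&quot;%(FullPath)&quot;', ' ')" />
  </Target>
</Project>
```

The Exec task writes the expanded command line to the build log, so the password is still visible there; restrict access to the build logs accordingly.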


One-Step Build: Done!

We just added a one-step build to the deployment process of Instant Review. Now we can make a shipping build (including encryption, obfuscation, installer, ...) in only one step from our last source snapshot ... AND NOW we're getting closer and closer to Joel's idea of a perfect software team ;-)

1. Do you use source control? yes
2. Can you make a build in one step? yes
3. Do you make daily builds? In a few days
4. Do you have a bug database? yes
5. Do you fix bugs before writing new code? yes
6. Do you have an up-to-date schedule? weekly
7. Do you have a spec? No, except for large features.
8. Do programmers have quiet working conditions? Sure
9. Do you use the best tools money can buy? Oh, yes
10. Do you have testers? jep
11. Do new candidates write code during their interview? yes
12. Do you do hallway usability testing? Not yet

If you want to learn more about the Joel Test: 12 Steps to Better Code, visit: http://www.joelonsoftware.com/articles/fog0000000043.html