macOS
brew install osslsigncodelocal Homebrew formula metadata
sudo port install osslsigncodeMacPorts ports tree · devel/osslsigncode/Portfile · source: api.github.com
brew
OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Version 2.13 via Homebrew; verified from local package data.
install
brew install osslsigncodelocal Homebrew formula metadata
sudo port install osslsigncodeMacPorts ports tree · devel/osslsigncode/Portfile · source: api.github.com
sudo apt install osslsigncodeDebian stable package indexes · osslsigncode · source: deb.debian.org
sudo dnf install osslsigncodeFedora Rawhide package metadata · osslsigncode · source: dl.fedoraproject.org
nix profile install nixpkgs#osslsigncodenixpkgs package indexes · pkgs/by-name/os/osslsigncode/package.nix · source: api.github.com
sudo zypper install osslsigncodeopenSUSE Tumbleweed package metadata · osslsigncode · source: download.opensuse.org
scoop install main/osslsigncodeScoop official bucket manifest trees · bucket/osslsigncode.json · source: api.github.com
winget install --id MichalTrojnara.osslsigncode -eWindows Package Manager source index · MichalTrojnara.osslsigncode · source: cdn.winget.microsoft.com
overview
OpenSSL based Authenticode signing for PE/MSI/Java CAB files
history
osslsigncode is an OpenSSL- and cURL-based command-line implementation of Authenticode signing, timestamping, verification, removal, and extraction for Windows-oriented file formats such as PE, CAB, CAT, MSI, APPX, and selected script files.
The project was created to avoid depending on Microsoft's `signtool.exe` and Windows CryptoAPI when signing Windows binaries from Unix-like build environments. Its README explains the origin plainly: binaries could be built with Wine on Linux, but signing with signtool failed because the necessary Windows APIs were not fully implemented there.
The codebase records a longer authorship chain than the GitHub namespace suggests. The main C source includes copyright attribution for Per Allansson for 2005-2015 and Michal Trojnara for 2018-2023, while the maintained GitHub repository is under mtrojnar and uses CMake-based builds.
osslsigncode filled a practical gap for cross-platform release engineering: sign Windows installers and executables from Linux or macOS CI systems using OpenSSL-compatible key material. Its packaging across Homebrew, Debian/Ubuntu, Fedora, MacPorts, Nix, Scoop, winget, and openSUSE reflects that it is used by build and security pipelines rather than by end-user desktop workflows.
Vendor documentation from DigiCert includes osslsigncode in third-party signing-tool instructions for PKCS#11 workflows, showing that certificate authorities and signing services treat it as a supported path for Authenticode operations outside Microsoft tooling.
A typical use signs a PE or MSI file with a certificate and private key, optionally adds an Authenticode or RFC 3161 timestamp, and verifies the resulting signature. The README also documents PKCS#12 containers, PKCS#11 engines and providers, Windows CNG engine use, CAB Java signing compatibility, and operations for extracting or removing signatures.
The tool is especially useful in CI/CD systems that build Windows artifacts on non-Windows hosts or store signing keys in HSM, token, PKCS#11, or provider-backed systems.
osslsigncode is significant because it packages a Windows trust-format workflow in portable Unix-style form. It sits at the awkward intersection of OpenSSL, Windows Authenticode, timestamp authorities, hardware-backed keys, and reproducible release automation.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
osslsigncode | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/mtrojnar/osslsigncode
install metadata
| Package key | brew:osslsigncode |
|---|---|
| Version | 2.13 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/osslsigncode |
| Homepage | https://github.com/mtrojnar/osslsigncode |
| Repository | https://github.com/mtrojnar/osslsigncode |
| Upstream docs | https://github.com/mtrojnar/osslsigncode#readme |
| License | GPL-3.0-or-later |
| Source archive | https://github.com/mtrojnar/osslsigncode/archive/refs/tags/2.13.tar.gz |
| Dependencies | openssl@3 |
| Build dependencies | cmake |
| Uses from macOS | curl, python |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | osslsigncode |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
osslsigncode 2.9-2
Authenticode signing tool
https://github.com/mtrojnar/osslsigncode
sudo apt install osslsigncodeosslsigncode
nix profile install nixpkgs#osslsigncodeosslsigncode 2.8-2
Authenticode signing tool
https://github.com/mtrojnar/osslsigncode
sudo apt install osslsigncodeosslsigncode 2.13-1.fc45
OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX
https://github.com/mtrojnar/osslsigncode
sudo dnf install osslsigncodeosslsigncode 2.13-1.2
Platform-independent tool for Authenticode signing of EXE/CAB files
https://github.com/mtrojnar/osslsigncode
sudo zypper install osslsigncodeosslsigncode
sudo port install osslsigncodemain/osslsigncode
scoop install main/osslsigncodeMichalTrojnara.osslsigncode
winget install --id MichalTrojnara.osslsigncode -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.