See https://v2.tauri.app/distribute/sign/windows/
- Create cert
# Create a self-signed code-signing certificate in the current user's personal store.
# Self-signed means nothing chains to a trusted root: the signature only verifies
# on machines that have been told to trust this certificate.
$newCertArgs = @{
    Type              = 'CodeSigning'
    Subject           = 'CN=thewh1teagle'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    CertStoreLocation = 'cert:\CurrentUser\My'
}
$cert = New-SelfSignedCertificate @newCertArgs
# The thumbprint identifies the certificate in the later steps and in the Tauri config.
Write-Output $cert.Thumbprint
"windows": {
"certificateThumbprint": "change me",
"digestAlgorithm": "sha256",
"timestampUrl": "http://timestamp.digicert.com"
}
# Export the certificate together with its private key to a password-protected PFX.
# 'password' is a placeholder: the PFX is only as well protected as the password
# chosen here, and cert.pfx lands in the current directory, so keep it out of
# version control and delete it once it has been backed up.
$thumbprint = 'AA12C8F3CCBDCD283203E6DDD107152E9E6BD5FD'  # replace with your certificate's thumbprint
$cert = Get-ChildItem -Path 'cert:\CurrentUser\My' | Where-Object Thumbprint -eq $thumbprint
$securePassword = ConvertTo-SecureString -String 'password' -AsPlainText -Force
$exportArgs = @{
    Cert     = $cert
    FilePath = 'cert.pfx'
    Password = $securePassword
}
Export-PfxCertificate @exportArgs
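# Dump base64
# [IO.File] resolves a relative path against the process working directory, which
# can differ from PowerShell's current location after Set-Location; build an
# absolute path so the file read is the one Export-PfxCertificate just wrote.
# The output is the entire PFX (private key included): treat it as a secret and
# avoid printing it where it gets logged.
$pfxPath = Join-Path (Get-Location).Path 'cert.pfx'
[Convert]::ToBase64String([IO.File]::ReadAllBytes($pfxPath)) | Write-Output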
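# Import base64
# 'password' and 'long base64 cert' are placeholders for the export password and
# the base64 text produced by the dump step.
$password = ConvertTo-SecureString -String 'password' -AsPlainText -Force
# [IO.File] resolves relative paths against the process working directory, not
# PowerShell's current location; use one absolute path for write, import and
# cleanup so the PFX cannot be written to one directory and looked for in another.
$pfxPath = Join-Path (Get-Location).Path 'cert.pfx'
try {
    [IO.File]::WriteAllBytes($pfxPath, [Convert]::FromBase64String('long base64 cert'))
    # -Exportable lets the private key be exported from the store again later;
    # omit it on machines that only need to sign.
    Import-PfxCertificate -Exportable -FilePath $pfxPath -CertStoreLocation 'cert:\CurrentUser\My' -Password $password
}
finally {
    # Remove the temporary PFX even if decoding or the import fails, so the
    # private key file is not left on disk.
    if (Test-Path -LiteralPath $pfxPath) {
        Remove-Item -LiteralPath $pfxPath
    }
}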
Install the Windows SDK (it provides signtool.exe)
# Locate the x64 signtool.exe under the Windows SDK bin directory (first match wins).
$sdkBinDir = "C:\Program Files (x86)\Windows Kits\10\bin\"
$signtool = Get-ChildItem $sdkBinDir -Filter "signtool.exe" -Recurse |
    Where-Object { $_.FullName -like "*\x64\signtool.exe" } |
    Select-Object -First 1
$signtoolPath = $signtool.FullName

# Sign app.exe with the PFX in the current directory and add an RFC 3161 timestamp.
# NOTE(review): /p places the PFX password on the command line, where it is visible
# in process listings and command logs. signtool can instead select the certificate
# from the store by thumbprint (/sha1), which needs neither the file nor the password.
$signArgs = @(
    'sign'
    '/f', 'cert.pfx'
    '/p', 'password'
    '/tr', 'http://timestamp.digicert.com'
    '/td', 'sha256'
    '/fd', 'sha256'
    'app.exe'
)
& $signtoolPath @signArgs
# Install Sysinternals Sigcheck, matching the package id exactly.
winget install --id Microsoft.Sysinternals.Sigcheck --exact
# Inspect the signature on the signed binary. With a self-signed certificate the
# chain only verifies on machines that trust that certificate.
sigcheck app.exe
To view the certificate in Windows:
Open search and type 'certmgr.msc' -> Press ENTER -> Navigate to Personal -> Certificates
- It's recommended to back up the base64-encoded certificate (the PFX, which includes the private key) to your password manager or another safe place, along with the
Thumbprint