Differences

This shows you the differences between two versions of the page.

--- compile_powershell [2024/12/23 20:32] – kenson
+++ compile_powershell [2025/10/25 23:11] (current) – kenson
@@ Line 17: / Line 17: @@
 To sign the binary, I followed the steps in the following docs:
-[[https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/]]
+  * [[https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/]]
-[[https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe
+  * [[https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md#232-preparing-signtoolexe]]
-]]
 Signing Command once everything is set up:
@@ Line 26: / Line 25: @@
 </code>
+The key is to get the following metadata correct and log into azure with the correct credentials
 metadata.json
@@ Line 35: / Line 35: @@
  }
 </code>
---
-Notes:
+The CodeSigningAccountName is the TrustedSigningAccount in the Azure Dashboard
-<code>
-Azure CLI
-https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli#install-or-update
+{{:codesigningaccountname.png?600|}}
-.NET 6.0
+The CertificateProfileName is the relevant entry in your CertificateProfile
-https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-6.0.9-windows-x64-installer
+{{:certificateprofile.png?600|}}
-* `AZURE_TENANT_ID`:
+To set up azure CLI environment for signing, from powershell run:
-The Microsoft Entra tenant (directory) ID.
+<code>
-Use the value you noted down earlier. Can also be found in Microsoft Entra ID.
+az login
-* `AZURE_CLIENT_ID`:
+</code>
-The client (application) ID of an App Registration in the tenant.
-Use the value you noted down earlier.
-* `AZURE_CLIENT_SECRET`:
-A client secret ("value") that was generated for the App Registration.
-Use the value you noted down earlier.
-Secret ID
+e.g.
-b9f633b1-95a9-41a3-916d-5f767a5a1eff
-Secret ID
-b9f633b1-95a9-41a3-916d-5f767a5a1eff
---
------------------------------------------------------------
-EmbrientApplication
-Application (client) ID:
-bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-Object ID:
-f767a96b-d3d9-4b47-831b-702fae753509
-Directory (tenant) ID:
-b98d9c4-2ba7-4bbe-84e6-3009d4892a19
---
-EmbrientApplicationClientSecret (expires 12/10/2026)
-Value:
-jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-Secret ID:
-ba0b65af-583b-48fd-ab4b-6abdc122da98
---
+<code>
 PS C:\WINDOWS\system32> az login
 Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
@@ Line 95: / Line 61: @@
 No     Subscription name      Subscription ID                       Tenant
 -----  ---------------------  ------------------------------------  -----------------
-[1] *  Azure subscription 1   eded16d8-8a4d-4848-ae8b-b015efb8ac7b  Default Directory
+[1] *  Azure subscription 1   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
-[2]    Code Signing Embrient  7cd6e16e-643f-4f9d-9f03-6fdfcfd6636d  Default Directory
+[2]    Code Signing Embrient  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Default Directory
-The default is marked with an *; the default tenant is 'Default Directory' and subscription is 'Azure subscription 1' (eded16d8-8a4d-4848-ae8b-b015efb8ac7b).
+The default is marked with an *; the default tenant is 'Default Directory' and subscription is 'Azure subscription 1' (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
-Select a subscription and tenant (Type a number or Enter for no changes): 2
+Select a subscription and tenant (Type a number or Enter for no changes):</code>
-Tenant: Default Directory
-Subscription: Code Signing Embrient (7cd6e16e-643f-4f9d-9f03-6fdfcfd6636d)
-[Announcements]
+Next set up for code signing via the command
-With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271236
-If you encounter any problem, please open an issue at https://aka.ms/azclibug
+<code>
+az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e
+</code>
+<code>
+az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read
+</code>
-[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.
+<kbd>Q</kbd>
-PS C:\WINDOWS\system32> az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e
-{
-  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity",
-  "accountEnabled": true,
-  "addIns": [],
-  "alternativeNames": [],
-  "appDescription": null,
-  "appDisplayName": "Azure Code Signing API",
-  "appId": "cf2ab426-f71a-4b61-bb8a-9e505b85bc2e",
-  "appOwnerOrganizationId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
-  "appRoleAssignmentRequired": false,
-  "appRoles": [],
-  "applicationTemplateId": null,
-  "createdDateTime": null,
-  "deletedDateTime": null,
-  "description": null,
-  "disabledByMicrosoftStatus": null,
-  "displayName": "Azure Code Signing API",
-  "homepage": null,
-  "id": "efcfc3c2-91fb-4497-b617-6a374be730ee",
-  "info": {
-    "logoUrl": null,
-    "marketingUrl": null,
-    "privacyStatementUrl": null,
-    "supportUrl": null,
-    "termsOfServiceUrl": null
-  },
-  "keyCredentials": [],
-  "loginUrl": null,
-  "logoutUrl": null,
-  "notes": null,
-  "notificationEmailAddresses": [],
-  "oauth2PermissionScopes": [
-    {
-      "adminConsentDescription": "Allows access to Azure Code Signing API as the signed-in user.",
-      "adminConsentDisplayName": "Access Azure Code Signing API",
-      "id": "1a019b87-5997-487a-bcfc-8f46a5453f28",
-      "isEnabled": true,
-      "type": "User",
-      "userConsentDescription": "Allow access to Azure Code Signing API on your behalf.",
-      "userConsentDisplayName": "Access Azure Code Signing API",
-      "value": "access_as_user"
-    }
-  ],
-  "passwordCredentials": [],
-  "preferredSingleSignOnMode": null,
-  "preferredTokenSigningKeyThumbprint": null,
-  "replyUrls": [
-    "https://localhost:5001/swagger/oauth2-redirect.html",
-    "https://localhost/"
-  ],
-  "resourceSpecificApplicationPermissions": [],
-  "samlSingleSignOnSettings": null,
-  "servicePrincipalNames": [
-    "cf2ab426-f71a-4b61-bb8a-9e505b85bc2e",
-    "api://cf2ab426-f71a-4b61-bb8a-9e505b85bc2e"
-  ],
-  "servicePrincipalType": "Application",
-  "signInAudience": "AzureADMultipleOrgs",
-  "tags": [],
-  "tokenEncryptionKeyId": null,
-  "verifiedPublisher": {
-    "addedDateTime": null,
-    "displayName": null,
-    "verifiedPublisherId": null
-  }
-}
-PS C:\WINDOWS\system32> az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read
->>
-{
-  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#oauth2PermissionGrants/$entity",
-  "clientId": "efcfc3c2-91fb-4497-b617-6a374be730ee",
-  "consentType": "AllPrincipals",
-  "id": "wsPP7_uRl0S2F2o3S-cw7g0Qt8sMlaVBuBKOgqdW5IQ",
-  "principalId": null,
-  "resourceId": "cbb7100d-950c-41a5-b812-8e82a756e484",
-  "scope": "User.Read"
-}
---
-SIGNTOOL:
-C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe
-AZURE_TENANT_ID:
-b98d9c4-2ba7-4bbe-84e6-3009d4892a19
-AZURE_CLIENT_ID:
-bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-AZURE_CLIENT_SECRET:
-jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-ACS_DLIB:
-C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.Core.dll
-ACS_JSON:
-U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json
-set AZURE_TENANT_ID=5b98d9c4-2ba7-4bbe-84e6-3009d4892a19
-set AZURE_CLIENT_ID=bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-set AZURE_CLIENT_SECRET=jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.Core.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
---
-az login --service-principal -u "bce73e33-0cd2-46e0-b6d5-5e02177d1e7e" -p "jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV" --tenant "5b98d9c4-2ba7-4bbe-84e6-3009d4892a19"
---
-Worked!!!
-& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
---
-& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" verify /v /pa FlashGMS.exe
---
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3> & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
-Trusted Signing
-Version: 1.0.60
-"Metadata": {
-  "Endpoint": "https://eus.codesigning.azure.net/",
-  "CodeSigningAccountName": "Embrient",
-  "CertificateProfileName": "EmbrientPT",
-  "ExcludeCredentials": []
-}
-Submitting digest for signing...
-OperationId 761b5826-3a59-4a4f-bee0-862d8014db98: InProgress
-Signing completed with status 'Succeeded' in 2.792955s
-Successfully signed: FlashGMS.exe
-Number of files successfully Signed: 1
-Number of warnings: 0
-Number of errors: 0
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3> & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" verify /v /pa FlashGMS.exe
-Verifying: FlashGMS.exe
-Signature Index: 0 (Primary Signature)
-Hash of file (sha256): 591B2DB7FC4EFD21D3E6F6495E6AB38F7B0E1A29B22D2160CBAED4A9280A5A23
-Signing Certificate Chain:
-    Issued to: Microsoft Identity Verification Root Certificate Authority 2020
-    Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-    Expires:   Sun Apr 16 10:44:40 2045
-    SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
-        Issued to: Microsoft ID Verified Code Signing PCA 2021
-        Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-        Expires:   Tue Apr 01 12:15:20 2036
-        SHA1 hash: 8E750F459DAF9A79D6370DB747AD2226866AD818
-            Issued to: Microsoft ID Verified CS AOC CA 02
-            Issued by: Microsoft ID Verified Code Signing PCA 2021
-            Expires:   Mon Apr 13 09:31:52 2026
-            SHA1 hash: 7BEE5EE49C8AC13A21A202BBC266A5547CD0265D
-                Issued to: Embrient, Inc.
-                Issued by: Microsoft ID Verified CS AOC CA 02
-                Expires:   Fri Dec 13 15:16:20 2024
-                SHA1 hash: 78667D9D10B712F94B4E7CA856B2401C9444B3D7
-The signature is timestamped: Tue Dec 10 20:51:58 2024
-Timestamp Verified by:
-    Issued to: Microsoft Identity Verification Root Certificate Authority 2020
-    Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-    Expires:   Sun Apr 16 10:44:40 2045
-    SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
-        Issued to: Microsoft Public RSA Timestamping CA 2020
-        Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-        Expires:   Mon Nov 19 12:42:31 2035
-        SHA1 hash: 27F0ABAC2877BA255F62B389B43FF539A0FB598E
-            Issued to: Microsoft Public RSA Time Stamping Authority
-            Issued by: Microsoft Public RSA Timestamping CA 2020
-            Expires:   Sat Feb 15 12:36:16 2025
-            SHA1 hash: D24C0B49D69EC0C7057842693F741708C7351F23
-Successfully verified: FlashGMS.exe
-Number of files successfully Verified: 1
-Number of warnings: 0
-Number of errors: 0
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3>
-Azure CLI
-https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli#install-or-update
-.NET 6.0
-https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-6.0.9-windows-x64-installer
-* `AZURE_TENANT_ID`:
-The Microsoft Entra tenant (directory) ID.
-Use the value you noted down earlier. Can also be found in Microsoft Entra ID.
-* `AZURE_CLIENT_ID`:
-The client (application) ID of an App Registration in the tenant.
-Use the value you noted down earlier.
-* `AZURE_CLIENT_SECRET`:
-A client secret ("value") that was generated for the App Registration.
-Use the value you noted down earlier.
-Secret ID
-b9f633b1-95a9-41a3-916d-5f767a5a1eff
-Secret ID
-b9f633b1-95a9-41a3-916d-5f767a5a1eff
---
------------------------------------------------------------
-EmbrientApplication
-Application (client) ID:
-bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-Object ID:
-f767a96b-d3d9-4b47-831b-702fae753509
-Directory (tenant) ID:
-b98d9c4-2ba7-4bbe-84e6-3009d4892a19
---
-EmbrientApplicationClientSecret (expires 12/10/2026)
-Value:
-jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-Secret ID:
-ba0b65af-583b-48fd-ab4b-6abdc122da98
---
-PS C:\WINDOWS\system32> az login
-Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
-Retrieving tenants and subscriptions for the selection...
-[Tenant and subscription selection]
-No     Subscription name      Subscription ID                       Tenant
------  ---------------------  ------------------------------------  -----------------
-[1] *  Azure subscription 1   eded16d8-8a4d-4848-ae8b-b015efb8ac7b  Default Directory
-[2]    Code Signing Embrient  7cd6e16e-643f-4f9d-9f03-6fdfcfd6636d  Default Directory
-The default is marked with an *; the default tenant is 'Default Directory' and subscription is 'Azure subscription 1' (eded16d8-8a4d-4848-ae8b-b015efb8ac7b).
-Select a subscription and tenant (Type a number or Enter for no changes): 2
-Tenant: Default Directory
-Subscription: Code Signing Embrient (7cd6e16e-643f-4f9d-9f03-6fdfcfd6636d)
-[Announcements]
-With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271236
-If you encounter any problem, please open an issue at https://aka.ms/azclibug
-[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.
-PS C:\WINDOWS\system32> az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e
-{
-  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity",
-  "accountEnabled": true,
-  "addIns": [],
-  "alternativeNames": [],
-  "appDescription": null,
-  "appDisplayName": "Azure Code Signing API",
-  "appId": "cf2ab426-f71a-4b61-bb8a-9e505b85bc2e",
-  "appOwnerOrganizationId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
-  "appRoleAssignmentRequired": false,
-  "appRoles": [],
-  "applicationTemplateId": null,
-  "createdDateTime": null,
-  "deletedDateTime": null,
-  "description": null,
-  "disabledByMicrosoftStatus": null,
-  "displayName": "Azure Code Signing API",
-  "homepage": null,
-  "id": "efcfc3c2-91fb-4497-b617-6a374be730ee",
-  "info": {
-    "logoUrl": null,
-    "marketingUrl": null,
-    "privacyStatementUrl": null,
-    "supportUrl": null,
-    "termsOfServiceUrl": null
-  },
-  "keyCredentials": [],
-  "loginUrl": null,
-  "logoutUrl": null,
-  "notes": null,
-  "notificationEmailAddresses": [],
-  "oauth2PermissionScopes": [
-    {
-      "adminConsentDescription": "Allows access to Azure Code Signing API as the signed-in user.",
-      "adminConsentDisplayName": "Access Azure Code Signing API",
-      "id": "1a019b87-5997-487a-bcfc-8f46a5453f28",
-      "isEnabled": true,
-      "type": "User",
-      "userConsentDescription": "Allow access to Azure Code Signing API on your behalf.",
-      "userConsentDisplayName": "Access Azure Code Signing API",
-      "value": "access_as_user"
-    }
-  ],
-  "passwordCredentials": [],
-  "preferredSingleSignOnMode": null,
-  "preferredTokenSigningKeyThumbprint": null,
-  "replyUrls": [
-    "https://localhost:5001/swagger/oauth2-redirect.html",
-    "https://localhost/"
-  ],
-  "resourceSpecificApplicationPermissions": [],
-  "samlSingleSignOnSettings": null,
-  "servicePrincipalNames": [
-    "cf2ab426-f71a-4b61-bb8a-9e505b85bc2e",
-    "api://cf2ab426-f71a-4b61-bb8a-9e505b85bc2e"
-  ],
-  "servicePrincipalType": "Application",
-  "signInAudience": "AzureADMultipleOrgs",
-  "tags": [],
-  "tokenEncryptionKeyId": null,
-  "verifiedPublisher": {
-    "addedDateTime": null,
-    "displayName": null,
-    "verifiedPublisherId": null
-  }
-}
-PS C:\WINDOWS\system32> az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read
->>
-{
-  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#oauth2PermissionGrants/$entity",
-  "clientId": "efcfc3c2-91fb-4497-b617-6a374be730ee",
-  "consentType": "AllPrincipals",
-  "id": "wsPP7_uRl0S2F2o3S-cw7g0Qt8sMlaVBuBKOgqdW5IQ",
-  "principalId": null,
-  "resourceId": "cbb7100d-950c-41a5-b812-8e82a756e484",
-  "scope": "User.Read"
-}
---
-SIGNTOOL:
-C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe
-AZURE_TENANT_ID:
-b98d9c4-2ba7-4bbe-84e6-3009d4892a19
-AZURE_CLIENT_ID:
-bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-AZURE_CLIENT_SECRET:
-jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-ACS_DLIB:
-C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.Core.dll
-ACS_JSON:
-U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json
-set AZURE_TENANT_ID=5b98d9c4-2ba7-4bbe-84e6-3009d4892a19
-set AZURE_CLIENT_ID=bce73e33-0cd2-46e0-b6d5-5e02177d1e7e
-set AZURE_CLIENT_SECRET=jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.Core.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
---
-az login --service-principal -u "bce73e33-0cd2-46e0-b6d5-5e02177d1e7e" -p "jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV" --tenant "5b98d9c4-2ba7-4bbe-84e6-3009d4892a19"
---
-Worked!!!
-& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
---
-& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" verify /v /pa FlashGMS.exe
---
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3> & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\PRIPYAT\Desktop\Sign\Microsoft.Trusted.Signing.Client.1.0.60\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3\metadata.json" FlashGMS.exe
-Trusted Signing
-Version: 1.0.60
-"Metadata": {
-  "Endpoint": "https://eus.codesigning.azure.net/",
-  "CodeSigningAccountName": "Embrient",
-  "CertificateProfileName": "EmbrientPT",
-  "ExcludeCredentials": []
-}
-Submitting digest for signing...
-OperationId 761b5826-3a59-4a4f-bee0-862d8014db98: InProgress
-Signing completed with status 'Succeeded' in 2.792955s
-Successfully signed: FlashGMS.exe
-Number of files successfully Signed: 1
-Number of warnings: 0
-Number of errors: 0
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3> & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" verify /v /pa FlashGMS.exe
-Verifying: FlashGMS.exe
-Signature Index: 0 (Primary Signature)
-Hash of file (sha256): 591B2DB7FC4EFD21D3E6F6495E6AB38F7B0E1A29B22D2160CBAED4A9280A5A23
-Signing Certificate Chain:
-    Issued to: Microsoft Identity Verification Root Certificate Authority 2020
-    Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-    Expires:   Sun Apr 16 10:44:40 2045
-    SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
-        Issued to: Microsoft ID Verified Code Signing PCA 2021
-        Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-        Expires:   Tue Apr 01 12:15:20 2036
-        SHA1 hash: 8E750F459DAF9A79D6370DB747AD2226866AD818
-            Issued to: Microsoft ID Verified CS AOC CA 02
-            Issued by: Microsoft ID Verified Code Signing PCA 2021
-            Expires:   Mon Apr 13 09:31:52 2026
-            SHA1 hash: 7BEE5EE49C8AC13A21A202BBC266A5547CD0265D
-                Issued to: Embrient, Inc.
-                Issued by: Microsoft ID Verified CS AOC CA 02
-                Expires:   Fri Dec 13 15:16:20 2024
-                SHA1 hash: 78667D9D10B712F94B4E7CA856B2401C9444B3D7
-The signature is timestamped: Tue Dec 10 20:51:58 2024
-Timestamp Verified by:
-    Issued to: Microsoft Identity Verification Root Certificate Authority 2020
-    Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-    Expires:   Sun Apr 16 10:44:40 2045
-    SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
-        Issued to: Microsoft Public RSA Timestamping CA 2020
-        Issued by: Microsoft Identity Verification Root Certificate Authority 2020
-        Expires:   Mon Nov 19 12:42:31 2035
-        SHA1 hash: 27F0ABAC2877BA255F62B389B43FF539A0FB598E
-            Issued to: Microsoft Public RSA Time Stamping Authority
-            Issued by: Microsoft Public RSA Timestamping CA 2020
-            Expires:   Sat Feb 15 12:36:16 2025
-            SHA1 hash: D24C0B49D69EC0C7057842693F741708C7351F23
-Successfully verified: FlashGMS.exe
-Number of files successfully Verified: 1
-Number of warnings: 0
-Number of errors: 0
-PS U:\Ken\Embrient\GMS\ESP32C3 Firmware GMS\Holycrapitworks_ST7565_LOX_ESP32C3_copy_20241201\build\esp32.esp32.XIAO_ESP32C3>
-</code>