2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								title: 'Code Signing'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								description: 'Code signing is a security technology that you use to certify that an app was created by you.'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								slug: code-signing
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								hide_title: false
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Code signing is a security technology to certify that an app was created by you.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								You should sign your application so it does not trigger any operating system
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								security warnings.
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:52:52 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:52:52 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Both Windows and macOS prevent users from running unsigned applications. It is
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								possible to distribute applications without codesigning them - but in order to
							 
						 
					
						
							
								
									
										
										
										
											2024-11-20 13:41:01 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								run them, users need to go through multiple advanced and manual steps.
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2018-06-16 03:43:03 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If you are building an Electron app that you intend to package and distribute,
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								it should be code signed. The Electron ecosystem tooling makes codesigning your
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								apps straightforward - this documentation explains how sign your apps on both
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Windows and macOS.
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								## Signing & notarizing macOS builds
  
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Preparing macOS applications for release requires two steps: First, the
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								app needs to be code signed. Then, the app needs to be uploaded to Apple for a
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								process called **notarization** , where automated systems will further verify that
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								your app isn't doing anything to endanger its users.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								To start the process, ensure that you fulfill the requirements for signing and
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								notarizing your app:
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								1.  Enroll in the [Apple Developer Program][] (requires an annual fee) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								2.  Download and install [Xcode][] - this requires a computer running macOS 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								3.  Generate, download, and install [signing certificates][] 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Electron's ecosystem favors configuration and freedom, so there are multiple
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								ways to get your application signed and notarized.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Using Electron Forge
  
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								If you're using Electron's favorite build tool, getting your application signed
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								and notarized requires a few additions to your configuration. [Forge ](https://electronforge.io ) is a
							 
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:15:32 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								collection of the official Electron tools, using [`@electron/packager` ][],
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/osx-sign` ][], and [`@electron/notarize` ][] under the hood.
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Detailed instructions on how to configure your application can be found in the
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[Signing macOS Apps ](https://www.electronforge.io/guides/code-signing/code-signing-macos ) guide in
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								the Electron Forge docs.
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Using Electron Packager
  
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-09-21 13:49:22 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If you're not using an integrated build pipeline like Forge, you
							 
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:15:32 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								are likely using [`@electron/packager` ][], which includes [`@electron/osx-sign` ][] and
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/notarize` ][].
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-05-28 11:15:18 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If you're using Packager's API, you can pass
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[in configuration that both signs and notarizes your application ](https://electron.github.io/packager/main/modules.html ).
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If the example below does not meet your needs, please see [`@electron/osx-sign` ][] and
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[`@electron/notarize` ][] for the many possible configuration options.
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-05 15:26:26 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								```js @ts -nocheck
							 
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:15:32 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								const packager = require('@electron/packager ')
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								packager({
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  dir: '/path/to/my/app',
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  osxSign: {},
							 
						 
					
						
							
								
									
										
										
										
											2020-04-16 10:30:33 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  osxNotarize: {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    appleId: 'felix@felix .fun',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    appleIdPassword: 'my-apple-id-password'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								})
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Signing Mac App Store applications
  
						 
					
						
							
								
									
										
										
										
											2019-12-13 11:16:20 -05:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								See the [Mac App Store Guide][].
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								## Signing Windows builds
  
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Using traditional certificates
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Before you can code sign your application, you need to acquire a code signing
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								certificate. Unlike Apple, Microsoft allows developers to purchase those
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								certificates on the open market. They are usually sold by the same companies
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								also offering HTTPS certificates. Prices vary, so it may be worth your time to
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								shop around. Popular resellers include:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [Certum EV code signing certificate ](https://shop.certum.eu/data-safety/code-signing-certificates/certum-ev-code-sigining.html ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [DigiCert EV code signing certificate ](https://www.digicert.com/signing/code-signing-certificates ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [Entrust EV code signing certificate ](https://www.entrustdatacard.com/products/digital-signing-certificates/code-signing-certificates ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [GlobalSign EV code signing certificate ](https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [IdenTrust EV code signing certificate ](https://www.identrust.com/digital-certificates/trustid-ev-code-signing ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [Sectigo (formerly Comodo) EV code signing certificate ](https://sectigo.com/ssl-certificates-tls/code-signing ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								-  [SSL.com EV code signing certificate ](https://www.ssl.com/certificates/ev-code-signing/ ) 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								It is important to call out that since June 2023, Microsoft requires software to
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								be signed with an "extended validation" certificate, also called an "EV code signing
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								certificate". In the past, developers could sign software with a simpler and cheaper
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								certificate called "authenticode code signing certificate" or "software-based OV certificate".
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								These simpler certificates no longer provide benefits: Windows will treat your app as
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								completely unsigned and display the equivalent warning dialogs.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								The new EV certificates are required to be stored on a hardware storage module
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								compliant with FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent. In other words,
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								the certificate cannot be simply downloaded onto a CI infrastructure. In practice,
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								those storage modules look like fancy USB thumb drives.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Many certificate providers now offer "cloud-based signing" - the entire signing hardware
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								is in their data center and you can use it to remotely sign code. This approach is
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								popular with Electron maintainers since it makes signing your applications in CI (like
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								GitHub Actions, CircleCI, etc) relatively easy.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								At the time of writing, Electron's own apps use [DigiCert KeyLocker ](https://docs.digicert.com/en/digicert-keylocker.html ), but any provider that provides a command line tool for
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								signing files will be compatible with Electron's tooling.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								All tools in the Electron ecosystem use [`@electron/windows-sign` ][] and typically
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								expose configuration options through a `windowsSign`  property. You can either use it
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								to sign files directly - or use the same `windowsSign`  configuration across Electron
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Forge, [`@electron/packager` ][], [`electron-winstaller` ][], and [`electron-wix-msi` ][].
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#### Using Electron Forge
  
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Electron Forge is the recommended way to sign your app as well as your `Squirrel.Windows` 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								and `WiX MSI`  installers. Detailed instructions on how to configure your application can
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								be found in the [Electron Forge Code Signing Tutorial ](https://www.electronforge.io/guides/code-signing/code-signing-windows ).
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#### Using Electron Packager
  
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If you're not using an integrated build pipeline like Forge, you
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								are likely using [`@electron/packager` ][], which includes [`@electron/windows-sign` ][].
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-05-28 11:15:18 -07:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								If you're using Packager's API, you can pass
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[in configuration that signs your application ](https://electron.github.io/packager/main/modules.html ).
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								If the example below does not meet your needs, please see [`@electron/windows-sign` ][]
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								for the many possible configuration options.
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								```js @ts -nocheck
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								const packager = require('@electron/packager ')
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								packager({
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  dir: '/path/to/my/app',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  windowsSign: {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    signWithParams: '--my=custom --parameters',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // If signtool.exe does not work for you, customize!
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  }
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								})
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#### Using electron-winstaller (Squirrel.Windows)
  
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`electron-winstaller` ][] is a package that can generate Squirrel.Windows installers for your
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Electron app. This is the tool used under the hood by Electron Forge's
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[Squirrel.Windows Maker][maker-squirrel]. Just like `@electron/packager` , it uses
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[`@electron/windows-sign` ][] under the hood and supports the same `windowsSign` 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								options.
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-05 15:26:26 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								```js {10-11} @ts -nocheck
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								const electronInstaller = require('electron-winstaller')
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// NB: Use this syntax within an async function, Node does not have support for
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								//     top-level await as of Node 12.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								try {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  await electronInstaller.createWindowsInstaller({
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    appDirectory: '/tmp/build/my-app-64',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    outputDirectory: '/tmp/build/installer64',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    authors: 'My App Inc.',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    exe: 'myapp.exe',
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								    windowsSign: {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      signWithParams: '--my=custom --parameters',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      // If signtool.exe does not work for you, customize!
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    }
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  })
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  console.log('It worked!')
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								} catch (e) {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  console.log(`No dice: ${e.message}` )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For full configuration options, check out the [`electron-winstaller` ][] repository!
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#### Using electron-wix-msi (WiX MSI)
  
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`electron-wix-msi` ][] is a package that can generate MSI installers for your
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Electron app. This is the tool used under the hood by Electron Forge's [MSI Maker][maker-msi].
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Just like `@electron/packager` , it uses [`@electron/windows-sign` ][] under the hood
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								and supports the same `windowsSign`  options.
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-06-05 15:26:26 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								```js {12-13} @ts -nocheck
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								import { MSICreator } from 'electron-wix-msi'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// Step 1: Instantiate the MSICreator
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								const msiCreator = new MSICreator({
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  appDirectory: '/path/to/built/app',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  description: 'My amazing Kitten simulator',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  exe: 'kittens',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  name: 'Kittens',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  manufacturer: 'Kitten Technologies',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  version: '1.1.2',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  outputDirectory: '/path/to/output/folder',
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  windowsSign: {
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    signWithParams: '--my=custom --parameters',
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    // If signtool.exe does not work for you, customize!
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    signToolPath: 'C:\\Path\\To\\my-custom-tool.exe'
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  }
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								})
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// Step 2: Create a .wxs template file
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								const supportBinaries = await msiCreator.create()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// 🆕 Step 2a: optionally sign support binaries if you
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// sign you binaries as part of of your packaging script
							 
						 
					
						
							
								
									
										
										
										
											2023-08-31 16:36:43 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								for (const binary of supportBinaries) {
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  // Binaries are the new stub executable and optionally
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  // the Squirrel auto updater.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  await signFile(binary)
							 
						 
					
						
							
								
									
										
										
										
											2023-08-31 16:36:43 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								}
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// Step 3: Compile the template to a .msi file
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								await msiCreator.compile()
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								For full configuration options, check out the [`electron-wix-msi` ][] repository!
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#### Using Electron Builder
  
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Electron Builder comes with a custom solution for signing your application. You
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								can find [its documentation here ](https://www.electron.build/code-signing ).
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Using Azure Trusted Signing
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[Azure Trusted Signing][] is Microsoft's modern cloud-based alternative to EV certificates.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								It is the cheapest option for code signing on Windows, and it gets rid of SmartScreen warnings.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								As of May 2025, Azure Trusted Signing is [available][trusted-signing-availability] to US and
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Canada-based organizations with 3+ years of verifiable business history. Microsoft is looking
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								to make the program more widely available. If you're reading this at a later point, it could
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								make sense to check if the eligibility criteria have changed.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#### Using Electron Forge
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Electron Forge is the recommended way to sign your app as well as your `Squirrel.Windows` 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								and `WiX MSI`  installers. Instructions for Azure Trusted Signing can be found
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[here][forge-trusted-signing].
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#### Using Electron Builder
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								The Electron Builder documentation for Azure Trusted Signing can be found
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[here][builder-trusted-signing].
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								### Signing Windows Store applications
  
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-01-16 01:22:49 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								See the [Windows Store Guide][].
							 
						 
					
						
							
								
									
										
										
										
											2018-05-01 17:56:44 -07:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[apple developer program]: https://developer.apple.com/programs/
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/osx-sign` ]: https://github.com/electron/osx-sign
							 
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:15:32 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/packager` ]: https://github.com/electron/packager
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/notarize` ]: https://github.com/electron/notarize
							 
						 
					
						
							
								
									
										
										
										
											2024-03-08 10:02:39 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`@electron/windows-sign` ]: https://github.com/electron/windows-sign
							 
						 
					
						
							
								
									
										
										
										
											2018-05-02 11:12:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`electron-winstaller` ]: https://github.com/electron/windows-installer
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[`electron-wix-msi` ]: https://github.com/electron-userland/electron-wix-msi
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[xcode]: https://developer.apple.com/xcode
							 
						 
					
						
							
								
									
										
										
										
											2022-11-11 11:42:27 -08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[signing certificates]: https://developer.apple.com/support/certificates/
							 
						 
					
						
							
								
									
										
										
										
											2022-06-22 04:17:48 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[mac app store guide]: ./mac-app-store-submission-guide.md
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[windows store guide]: ./windows-store-guide.md
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[maker-squirrel]: https://www.electronforge.io/config/makers/squirrel.windows
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[maker-msi]: https://www.electronforge.io/config/makers/wix-msi
							 
						 
					
						
							
								
									
										
										
										
											2025-06-05 19:13:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								[azure trusted signing]: https://azure.microsoft.com/en-us/products/trusted-signing
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[trusted-signing-availability]: https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-public-preview-update/4399713
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[forge-trusted-signing]: https://www.electronforge.io/guides/code-signing/code-signing-windows#using -azure-trusted-signing
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								[builder-trusted-signing]: https://www.electron.build/code-signing-win#using -azure-trusted-signing-beta