I have just purchased a new OV Certificate from Sectigo via KSoftware, previously this was provided as a download to my browser that I then exported as pfx file and signed with the ksign tool from KSoftware.
e.g
c:\Apps\kSign\ksigncmd /d "SongKong Installer" /du "http://jthink.net/songkong" /f c:\code\jthink\songkong\config\comodo.pfx /p cherry1 SongKong-11.4.exe
Now, new stricter requirements mean that instead I am sent a usb stick in the post and a password by email. Then I have to install and use SafeNet Authentication Client and enter password to access the certificate.
I can now see the certificate within SafeNet Authentication Client but how do I actually use it to sign my application?
Okay I found the answer
Needed to install WindowsSDK to get signtool
The procedure was then as follows:
Put USB stick in drive
Open Safenet Authentication Client
Run signtool as follows
C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe sign /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /a SongKong-11.4.exe
It is signed with the following output
Done Adding Additional Store
Successfully signed: SongKong-11.4.exe