{"id":249984,"date":"2024-07-29T08:00:14","date_gmt":"2024-07-29T15:00:14","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/visualstudio\/?p=249984"},"modified":"2024-07-26T15:27:56","modified_gmt":"2024-07-26T22:27:56","slug":"sign-vsix-packages-with-sign-cli","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/visualstudio\/sign-vsix-packages-with-sign-cli\/","title":{"rendered":"Sign VSIX packages with Sign CLI"},"content":{"rendered":"

You can now leverage Sign CLI<\/a> for a more secure, modern way to sign your Visual Studio extensions. Signing your VSIX packages improves security, prevents tampering, and builds trust with your users. This integration makes it easier and more convenient to sign your packages than ever before!<\/p>\n

\"Screenshot<\/p>\n

Sign CLI replaces the older VSIXSignTool with a modern, general purpose sign tool that\u2019s actively maintained and kept up to date with the latest security standards. It supports cloud and local signing from a variety of sources and can also fit seamlessly into your CI pipeline for easy integration. Continue reading to learn how to enhance your extension publishing workflow by using Sign CLI!<\/p>\n

Obtain a code signing certificate<\/h2>\n

To sign your VSIX, you\u2019ll need a valid EV or standard certificate from a public certificate authority that utilizes SHA 256, SHA 384, or SHA 512 digest algorithms. Windows supports certificates from many popular certificate authorities, such as Certum<\/a>, Comodo<\/a>, DigiCert<\/a>, GlobalSign<\/a>, SSL.com<\/a>, and more.<\/p>\n

For a full list of trusted partners, please see https:\/\/aka.ms\/TrustCertPartners<\/a>.<\/p>\n

Get ready to sign your extensions<\/h2>\n

To start using Sign CLI to sign your extension packages, you\u2019ll first need to install it. It\u2019s available as a dotnet tool on the nuget.org Gallery. To install, open Visual Studio\u2019s integrated terminal using View > Terminal (or use the Ctrl+` shortcut), then use the commands below. Note that if you\u2019re working outside of Visual Studio, you can access the Developer PowerShell by selecting Start in Windows then typing in \u201cdeveloper PowerShell\u201d.<\/p>\n

Install Sign CLI<\/h3>\n

The Sign tool is still a prerelease version, so you\u2019ll need to include the `–prerelease` flag when you install to get the latest:<\/p>\n

dotnet tool install sign --prerelease --global<\/code><\/p>\n

To install a specific version, visit the versions tab on the Sign CLI page on nuget.org<\/a> to find the version you\u2019re interested in and use the following syntax:<\/p>\n

dotnet tool install sign --global --version <version><\/code><\/p>\n

Offline installation<\/h4>\n

In the event you\u2019re working in an isolated environment, you can download the Sign CLI NuGet package you want and install it using:<\/p>\n

dotnet tool install --global --version <version> --add-source <path to folder> sign<\/code><\/p>\n

Sign your VSIX using Sign CLI<\/h2>\n

Sign CLI supports cloud signing with Azure Key Vault or local signing using certificates and private keys stored in:<\/p>\n