docs: add hardware-token / thumbprint signing example#116
Open
claude[bot] wants to merge 1 commit into
Open
Conversation
Add a README example showing how to sign by certificate SHA1 thumbprint (e.g. Certum SimplySign and other hardware-token / cloud HSM setups that install the certificate into the Windows certificate store) via signWithParams, parallel to the existing DigiCert example. Closes #42
MarshallOfSound
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requested by Samuel Attard · Slack thread
Before / After
Before: The README only documented signing with a
.pfx/certificateFileor the DigiCert KeyLockersignWithParamsexample. There was no guidance for hardware-token / cloud-HSM setups (like Certum SimplySign) that sign by referencing a certificate's SHA1 thumbprint already installed in the Windows certificate store. Users hit this wall and had to open issues to ask (see #42).After: The README includes a short, copy-pasteable example showing how to sign by SHA1 thumbprint via
signWithParams, with a note that nocertificateFile/certificatePasswordis needed in that flow.How
Adds a parallel example immediately after the existing DigiCert
signWithParamsexample in the "Custom signtool parameters" section. It mirrors the existing example's structure, code-fence language, and tone, and uses standardsigntoolparams (/sha1 <thumbprint> /tr ... /td sha256 /fd sha256). Confirmed againstsrc/types.tsthatsignWithParams?: string | Array<string>is the correct field. No API surface or code changes — documentation only.Closes #42
Generated by Claude Code