A NuGet package is a standardized format for distributing software libraries, tools, and assets in the .NET ecosystem. It allows developers to easily share and consume code across different projects and platforms.
NuGet is a package manager for the .NET development framework, primarily used with Microsoft’s Visual Studio and .NET Core. It simplifies the process of managing external dependencies in a project by providing a centralized repository of packages that can be easily installed and updated.
Developers can use NuGet to search for packages from the official NuGet Gallery or other custom package sources. Once a package is identified, it can be installed into a project, which automatically resolves and downloads any required dependencies.
By utilizing NuGet packages, developers can save time by leveraging existing code and functionality, instead of reinventing the wheel for common tasks. It promotes code reuse, modular development, and simplifies the management of external libraries and dependencies in .NET projects.
SSL.com’s eSigner CodeSignTool is a secure, privacy-oriented multi-platform Java command line utility for remotely signing Microsoft Authenticode and Java code objects with eSigner-enrolled code signing certificates. It is able to sign Nuget packages efficiently and in a user-friendly manner.
Order a Code Signing Certificate
For instructions on how to order a production code signing certificate, please refer to the guide article: Ordering And Retrieving Code Signing and EV Code Signing Certificates.
For users who want to try code signing using a test certificate, the SSL.com sandbox environment offers a place where they can freely experiment. Follow the steps below to order an SSL.com test certificate.
- Login to your sandbox account at https://sandbox.ssl.com/login. If there is no sandbox account yet, a new one can be created at https://sandbox.ssl.com/users/new.
- Once logged in to the sandbox account, click the Dashboard tab.
- Scroll down to the developers and integration section and click the developer tools link.
- Select the test EV certificate you want to order. Specify the validity duration of the certificate. Finally, click the Create Test Order button.
- Contact SSL.com support team (email@example.com) for the test code signing certificate to be validated.
Enroll your Certificate in eSigner Cloud Code Signing
Once your certificate has been validated, you can now enroll it in eSigner. There are two methods on how to do this:
- QR code method: https://www.ssl.com/how-to/enroll-esigner-remote-document-ev-code-signing/
- OTP SMS method: https://www.ssl.com/guide/how-to-enable-otp-sms-two-factor-authentication-for-esigner-cloud-code-or-document-signing/
Install eSigner CodeSignTool
Please refer to this article to download and gain an overview of all the available commands in CodeSignTool.
Sign your Nuget File with eSigner CodeSignTool
- To be able to sign Nuget files using CodeSignTool, first you have to add the timestamp legacy endpoint in the Properties Source File of CodeSignTool. Open CodeSignTool folder > Open conf subfolder > Open code_sign_tool Properties Source File. Add the legacy endpoint: TSA_LEGACY_URL=http://ts.ssl.com/legacy
If you are using a test certificate, you also need to replace the contents of
conf/code_sign_tool.properties with the following text:
- Open your command-line tool and change the directory to point to the installation folder of CodeSignTool by using the cd command. Example:
C:\Users\Admin>cd C:\Users\Admin\My PC\Desktop\CodeSignTool
- Use this command to sign your Nuget File:
CodeSignTool sign -username=USERNAME -password=PASSWORD -credential_id=CREDENTIAL ID -input_file_path=INPUT FILE PATH -output_dir_path=OUTPUT DIRECTORY PATH
- After entering the sign command, your Command Line Tool will prompt you for the One Time Password (OTP) linked to the tool you used to enroll your certificate in eSigner: either a QR code app or SMS/mobile phone:
Enter the OTP - Press enter to continue:
- Code Signed Successfully! You will be notified that your Nuget file has been successfully signed. Example:
Code signed successfully: C:\Users\Admin\\My PC\Desktop\Signed Nuget Files\sample.nupkg
-credential_id=<CREDENTIAL_ID>: Credential ID for signing certificate.
-input_file_path=<PATH>: Path of code object to be signed.
-otp=<OTP>: OAuth OTP value from authentication app.
-output_dir_path=<PATH>: Directory where signed code object(s) will be written.
-password=<PASSWORD>: SSL.com account password.
-username=<USERNAME>: SSL.com account username
Troubleshooting Signing Errors
- If your password includes special characters, enclose it in quotes (e.g. -password=”P!@^^ssword12″).
- If you encounter signing errors like:
'C:\Users\Admin\Dropbox\My' is not recognized as an internal or external command, operable program or batch file.
The system cannot find the path specified.
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
\Documents\sample was unexpected at this time.
Try the following:
- Enclose your input file path and output directory path in quotes.
- Type or directly copy+paste the required parameters on the command line tool. Refrain from typing and copy-pasting the command from other text editors.
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.