nextgens / authenticode-sign-action Goto Github PK

Getting the warning The following actions uses node12 which is deprecated and will be forced to run on node16: nextgens/[email protected]. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

Maybe it would be helpful to include a bit of documentation on how to add the key to KMS? There is not any easy documentation on this anywhere it seems and I am lost on how to do it.

I have a Sectigo EV code signing certificate on an eToken. Here is the relevant token information

Token name: ***            
Token category: Hardware
Reader name: SafeNet eToken 5100/5110
Serial number (PKCS#11): 198***
Free space (minimum estimated): 71945
Hardware version: 0.0
Firmware version: N/A
Card ID (GUID): 0x79***
Product name: eToken 5110 CC (940)
Model: N/A
Card type: ID Prime MD
Applet Version: IDPrime Java Applet 4.4.2.A
Mask version: G286
Color: N/A
Supported key size: 4096 bits
Token Password: Present
Token Password retries remaining: 3
Maximum Token Password retries: 3
Token Password expiration: No expiration
Administrator Password: Present
Administrator Password retries remaining: 5
Maximum administrator Password retries: 5
FIPS: N/A
Common Criteria (CC): CC EAL5+ / PP QSCD 
Token unlock objects: Administrator
Digital Signature PIN retries remaining: 3
Digital Signature PIN maximum retries: 3
Digital Signature PUK retries remaining: 3
Digital Signature PUK maximum retries: 3
Sign padding on-board: Yes
RSM: N/A
ECC: Supported

1. As per the certificate parameter description in https://github.com/marketplace/actions/authenticode-cloud-signer... How does one export the token as a .pem file?
2. When creating a key in Google KMS, what are the settings?

• Protection level: HSM
• Purpose: is it Symmetric encrypt/decrypt or Asymmetric sign?

3. How do you import the key?

• How do you wrap the key using the downloaded wrapping key?

Hi, Jsign now supports cloud signing services such as Google KMS. What about changing the action to use it instead of signtool? That would make the action cross platform and compatible with other services (Azure Key Vault and DigiCert ONE).

Hello

I have a problem with failing file sign

but I cannot know which file it is, there's no name displayed

it's only this one file which prevents the job from completion

I forked this repo but to be honest I don't know what I could modify to add failed file name logging

Could you please add to your README.md which certficates are supported by this action and where to buy them? Thanks!

Not everyone is using the same CA... so it probably makes sense to let people configure it