Merge pull request #3772 from ripcurlx/add-windows-signing

Add command for signing windows executables with the default code signing certificate

desktop/package/windows/package.bat

@@ -2,6 +2,9 @@
 ::   - Inno Setup unicode installed (http://www.jrsoftware.org/isdl.php)
 ::   - OracleJDK 10 installed
 ::     Note: OpenJDK 10 does not have the javapackager util, so must use OracleJDK
+::   - Sign Tool installed (https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool)
+::     Note: Sign Tool is part of Windows 10 SDK (https://go.microsoft.com/fwlink/?LinkID=698771)
+::   - Code signing certificate installed
 :: Prior to running this script:
 ::   - Update version below
 ::   - Ensure JAVA_HOME below is pointing to OracleJDK 10 directory
@@ -115,6 +118,9 @@ if not exist "%package_dir%\windows\Bisq-%version%.exe" (
     exit /B 3
 )
 
+echo Signing executable with default Code Signing Certificate
+call "C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" sign /v /fd SHA256 /a "Bisq-%version%.exe"
+
 echo SHA256 of %package_dir%\windows\Bisq-%version%.exe:
 for /F "delims=" %%h in ('certutil -hashfile "%package_dir%\windows\Bisq-%version%.exe" SHA256 ^| findstr -i -v "SHA256" ^| findstr -i -v "certutil"') do (set hash=%%h)
 echo %hash%