Applies to: package creation • Supported versions: 4.6+
Signs all the packages matching the first argument with a certificate. The certificate with the private key can be obtained from a file or from a certificate installed in a certificate store by providing a subject name or a thumbprint.
Note
Package signing is not yet supported in .NET Core, under Mono, or on non-Windows platforms.
Usage
nuget sign <package(s)> [options]
where <package(s)> is one or more .nupkg files.
Options
-CertificateFingerprint
Specifies the fingerprint to be used to search for the certificate in a local certificate store.
Starting with NuGet.exe 6.12, this option can be used to specify the SHA-1, SHA-256, SHA-384, or SHA-512 fingerprint of the certificate. However, a NU3043 warning is raised when a SHA-1 certificate fingerprint is used because it is no longer considered secure. In NuGet.exe 7.0 and later versions, the warning is elevated to an error. Only SHA-2 family fingerprints (SHA-256, SHA-384, and SHA-512) are supported.
All previous versions of NuGet.exe continue to accept only SHA-1 certificate fingerprints.
-CertificatePassword
Specifies the certificate password, if needed. If a certificate is password protected but no password is provided, the command will prompt for a password at run time, unless the -NonInteractive option is passed.
-CertificatePath
Specifies the file path to the certificate to be used in signing the package.
-CertificateStoreLocation
Specifies the name of the X.509 certificate store to use to search for the certificate. Defaults to "CurrentUser", the X.509 certificate store used by the current user. This option should be used when specifying the certificate via the -CertificateSubjectName or -CertificateFingerprint options.
-CertificateStoreName
Specifies the name of the X.509 certificate store to use to search for the certificate. Defaults to "My", the X.509 certificate store for personal certificates. This option should be used when specifying the certificate via the -CertificateSubjectName or -CertificateFingerprint options.
-CertificateSubjectName
Specifies the subject name of the certificate used to search a local certificate store for the certificate. The search is a case-insensitive string comparison using the supplied value, which will find all certificates with the subject name containing that string, regardless of other subject values. The certificate store can be specified by the -CertificateStoreName and -CertificateStoreLocation options.
-ConfigFile
The NuGet configuration file to apply. If not specified, %AppData%\NuGet\NuGet.Config (Windows), or ~/.nuget/NuGet/NuGet.Config or ~/.config/NuGet/NuGet.Config (Mac/Linux) is used.
-ForceEnglishOutput
Forces nuget.exe to run using an invariant, English-based culture.
-HashAlgorithm
Hash algorithm to be used to sign the package. Defaults to SHA256. Possible values are SHA256, SHA384, and SHA512.
-?|-help
Displays help information for the command.
-NonInteractive
Suppresses prompts for user input or confirmations.
-OutputDirectory
Specifies the directory where the signed package should be saved. By default the original package is overwritten by the signed package.
-Overwrite
Switch to indicate if the current signature should be overwritten. By default the command will fail if the package already has a signature.
-Timestamper
URL to an RFC 3161 timestamping server.
-TimestampHashAlgorithm
Hash algorithm to be used by the RFC 3161 timestamp server. Defaults to SHA256.
-Verbosity [normal|quiet|detailed]
Specifies the amount of detail displayed in the output: normal (the default), quiet, or detailed.
Examples
nuget sign MyPackage.nupkg -CertificatePath .\..\certificate.pfx -Timestamper http://timestamp.test
nuget sign .\..\MyPackage.nupkg -CertificateStoreLocation CurrentUser -CertificateStoreName My -CertificateSubjectName 'subject name' -Timestamper http://timestamp.test -OutputDirectory .\..\Signed
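The following PowerShell script is an added example, not part of the original documentation. It resolves a subject-name search to exactly one certificate and signs by SHA-256 fingerprint, which avoids both the multiple-match behaviour of -CertificateSubjectName and the NU3043 SHA-1 warning. The variable values (subject text, package path, output directory) are assumptions, the timestamp URL is the placeholder from the examples above, and NuGet.exe 6.12 or later is required for a SHA-256 fingerprint.

```powershell
# Added example. All four values below are placeholders to adjust.
$SubjectFilter = 'subject name'
$Package       = '.\MyPackage.nupkg'
$OutputDir     = '.\Signed'
$Timestamper   = 'http://timestamp.test'

# -CertificateSubjectName is a case-insensitive "contains" search, so several
# certificates can match. Approximate that search here and stop unless it
# selects exactly one currently valid certificate that has a private key.
$now = Get-Date
$candidates = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $_.Subject.IndexOf($SubjectFilter, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 -and
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and
    $_.NotAfter -gt $now
})

if ($candidates.Count -ne 1) {
    $candidates | Format-List Subject, Issuer, NotAfter | Out-String | Write-Host
    throw "Expected exactly 1 usable certificate, found $($candidates.Count)."
}
$cert = $candidates[0]

# X509Certificate2.Thumbprint is the SHA-1 hash of the certificate. Hash the
# DER-encoded certificate with SHA-256 to get a SHA-2 fingerprint instead.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
    $fingerprint = -join ($sha256.ComputeHash($cert.RawData) |
        ForEach-Object { $_.ToString('X2') })
} finally {
    $sha256.Dispose()
}
Write-Host "Signing with $($cert.Subject) (SHA-256 $fingerprint)"

# -NonInteractive makes a build agent fail instead of waiting on a prompt.
& nuget sign $Package `
    -CertificateFingerprint $fingerprint `
    -CertificateStoreLocation CurrentUser `
    -CertificateStoreName My `
    -HashAlgorithm SHA256 `
    -Timestamper $Timestamper `
    -TimestampHashAlgorithm SHA256 `
    -OutputDirectory $OutputDir `
    -NonInteractive

if ($LASTEXITCODE -ne 0) {
    throw "nuget sign failed with exit code $LASTEXITCODE."
}
```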