Mage

Mage (Manifest Generation and Editing Tool) is a command-line tool used for signing manifests and creating deployment manifests for ClickOnce applications. The mage.exe tool is included with the .NET Framework SDK and can also be accessed via the Visual Studio Command Prompt.

Mage's Signing Capabilities

Mage can be used to sign:

.manifest
.application

Download Mage

Download mage.exe by installing Windows SDK. Mage is automatically installed with Visual Studio.

Mage file location:

C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools

Sign Manifest Files with Mage using AppViewX CSP

Prerequisites:

Execute the AppViewX SIGN+ Installer to set up the prerequisites for using the AppViewX CSP.
Installed mage.exe.
Note: When you sign a manifest file with mage, AppViewX SIGN+ uses two signature units. This is due to the creation of two hash signatures for different types of content within the manifest.
- The initial hash signature is created for the manifest file itself.
- The second hash signature is created for the files referenced within the manifest.
This dual-signing process ensures the integrity of both the manifest file and its referenced files, protecting against any tampering attempts.

Sign Command

mage.exe -Sign <input_file_path> -TimeStampUri <timestamp_url> -CertHash <SHA1 Thumbprint> -Algorithm <digest algorithm>

-TimeStampUri <timestamp_url>: Timestamping URL
-CertHash <SHA1 Thumbprint>: SHA1 Thumbprint of Signing Certificate
-Algorithm <digest algorithm>: Hashing Algorithm.

The <timestamp_url>, <SHA1 Thumbprint> and <digest algorithm> are auto generated in the README after running the SIGN+ Installer.

Verify Command

mage -verify <file_name>