What's the main difference between signcode.exe and signtool.exe?

Question

I can't really see a big difference other than signtool is newer and requires different file formats for your digital certificate?

Answer 1

They both accomplish the same thing -- code signing. As you pointed out, the principal difference is that signcode requires the private key and software publisher certificate to be in two separate files (.pvk, .spc).

The more modern signtool requires that they are contained in a single Personal Information Exchange (.pfx) file. (You also need the .pfx file format to use the Association of Shareware Professionals' PAD signing toolkit.)

Answer 2

In addition to John Feminella's answer above, signtool allows you to alternatively provide the thumbprint hash of the certificate instead of the .pfx file if the cert is loaded into the local (user or machine) certificate store.