From 01a385d272edcf5e26a321b63ef16c4f971ff888 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:41:23 -0400 Subject: [PATCH] docs - adding help info https://github.com/Ylianst/MeshCentral/issues/4190 --- docs/docs/meshcentral/codesigning.md | 57 ++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/docs/docs/meshcentral/codesigning.md b/docs/docs/meshcentral/codesigning.md index 3934db9d..5cd7404a 100644 --- a/docs/docs/meshcentral/codesigning.md +++ b/docs/docs/meshcentral/codesigning.md 
@@ -6,6 +6,63 @@ Nodejs Code Signing module +MeshCentral comes with authenticode.js, you can run it like this: + +```bash +node node_modules/meshcentral/authenticode-js +``` + +and you will get + +``` +MeshCentral Authenticode Tool. +Usage: + node authenticode.js [command] [options] +Commands: + info: Show information about an executable. + --exe [file] Required executable to view information. + --json Show information in JSON format. + sign: Sign an executable. + --exe [file] Required executable to sign. + --out [file] Resulting signed executable. + --pem [pemfile] Certificate & private key to sign the executable with. + --desc [description] Description string to embbed into signature. + --url [url] URL to embbed into signature. + --hash [method] Default is SHA384, possible value: MD5, SHA224, SHA256, SHA384 or SHA512. + --time [url] The time signing server URL. + --proxy [url] The HTTP proxy to use to contact the time signing server, must start with http:// + unsign: Remove the signature from the executable. + --exe [file] Required executable to un-sign. + --out [file] Resulting executable with signature removed. + createcert: Create a code signging self-signed certificate and key. + --out [pemfile] Required certificate file to create. + --cn [value] Required certificate common name. + --country [value] Certificate country name. + --state [value] Certificate state name. + --locality [value] Certificate locality name. + --org [value] Certificate organization name. + --ou [value] Certificate organization unit name. + --serial [value] Certificate serial number. + timestamp: Add a signed timestamp to an already signed executable. + --exe [file] Required executable to sign. + --out [file] Resulting signed executable. + --time [url] The time signing server URL. 
+ --proxy [url] The HTTP proxy to use to contact the time signing server, must start with http:// + +Note that certificate PEM files must first have the signing certificate, +followed by all certificates that form the trust chain. + +When doing sign/unsign, you can also change resource properties of the generated file. + + --filedescription [value] + --fileversion [value] + --internalname [value] + --legalcopyright [value] + --originalfilename [value] + --productname [value] + --productversion [value] +``` + ## Automatic Agent Code Signing If you want to self-sign the mesh agent so you can whitelist the software in your AV, and lock it to your server and organization.
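Review bot: The command in the added bash block, `node node_modules/meshcentral/authenticode-js`, does not match the file name used in the sentence just above it ("MeshCentral comes with authenticode.js") or in the pasted usage text (`node authenticode.js [command] [options]`). If the file is `authenticode.js`, the path should end in `authenticode.js` so the command works when copied as written. The pasted help text also carries typos ("embbed" in the `--desc` and `--url` lines, "signging" in the `createcert` line). Since this is tool output, either keep it verbatim and fix the strings in the tool, or correct them here, but say which. Because this page documents code signing, two options deserve a sentence of guidance rather than only the raw usage dump: `--hash` lists MD5 as a possible value, so the doc should tell readers to keep the SHA384 default, and `--pem` takes a file holding both the certificate and the private key, so the doc should say that file must be stored with restricted access. The "and you will get" lead-in would also read better capitalised and ending in a colon.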