TcSignTool - Storage of the certificate password outside the project

The TcSignTool can be used to store a password for a TwinCAT user certificate in the registry. Thus, the password is not needed in the projects, where the passwords would end up unintentionally in version control systems.

The TcSignTool is a command line program located in the path C:\TwinCAT\3.1\sdk\Bin\ or C:\Program Files (x86)\Beckhoff\TwinCAT\3.1\SDK\Bin.

The storage of the password is carried out with the following parameters:

tcsigntool grant /f "…CustomConfig\Certificates\MyCertificate.tccert" /p MyPassword

The password is deleted with the following parameters:

tcsigntool grant /f "…CustomConfig\Certificates\MyCertificate.tccert" /r

The unencrypted password is stored under: HKEY_CURRENT_USER\SOFTWARE\Beckhoff\TcSignTool\