An MSBuild task to digitally sign an assembly using Authenticode.
I'm glad you mentioned this; yes, it does already exist. However, it is limited in that the certificate must be installed in the CurrentUser/My certificate store; this was a limiting factor for my build process.
I do use signtool.exe, particularly with the /sm and /s store_name switches. This will allow you to do everything that this build task can do from a command line.
I wrote this in part as an exercise in learning more about signing files, PowerShell and MSBuild. Also, if you already have an assembly with custom build tasks, this may fit better with your DevOps or Build team.
Take a look in the test targets for examples, but essentially you use it like this:
<AuthenticodeSignFile
    Thumbprint="x509_certificate_thumbprint"
    TimestampUrl="timestamp_server_url"
    FilePath="path_and_name_of_file_to_sign"
    CertificateStoreLocation="CurrentUser or LocalMachine"
    CertificateStoreName="store_name" />
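A build can check the certificate before the task runs and check the signed file afterwards. The following is an added example, not part of this project: the function names are hypothetical, the parameter names simply mirror the task's attributes, and only built-in PowerShell cmdlets are used.

```powershell
# Added example (not the project's code). Function names are hypothetical.

# Pre-sign check: is the certificate where the task will look for it, and usable?
function Test-SigningCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string] $CertificateStoreLocation = 'CurrentUser',
        [string] $CertificateStoreName = 'My'
    )
    $wanted = ($Thumbprint -replace '\s', '')   # thumbprints copied from the UI often contain spaces
    $store  = "Cert:\$CertificateStoreLocation\$CertificateStoreName"
    # -CodeSigningCert keeps only certificates that are valid for code signing.
    $cert = Get-ChildItem -Path $store -CodeSigningCert |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1
    if (-not $cert) { throw "No code-signing certificate $wanted in $store" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $wanted has no private key on this machine" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $wanted expired on $($cert.NotAfter)" }
    return $cert
}

# Post-sign check: did the file end up signed by that certificate, with a timestamp?
function Test-SignedFile {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    $wanted = ($Thumbprint -replace '\s', '')
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate.Thumbprint -ne $wanted) {
        throw "Signed by $($sig.SignerCertificate.Thumbprint), expected $wanted"
    }
    # TimeStamperCertificate is only populated when a timestamp countersignature is present.
    if ($null -eq $sig.TimeStamperCertificate) {
        throw "No timestamp countersignature on $FilePath"
    }
    return $sig
}

# Usage, with the same placeholder values as the task attributes:
# Test-SigningCertificate -Thumbprint 'x509_certificate_thumbprint' `
#     -CertificateStoreLocation LocalMachine -CertificateStoreName 'store_name'
# Test-SignedFile -FilePath 'path_and_name_of_file_to_sign' -Thumbprint 'x509_certificate_thumbprint'
```

A status of `Valid` requires the signing certificate to chain to a root trusted on the machine running the check, so a self-signed test certificate fails here unless it has been trusted on that machine.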
The timestamp is a way of adding an extra layer of authenticity to an Authenticode signature, and will result in your assembly being countersigned by the timestamp server at the URL of your choice.
Here are the ones I use: