Sign Windows binaries with a digital certificate

[jackwotherspoon]

trafficstars

Supply chain security often requires binaries to be verified prior to use.

The current recommended way is to use the sha256 sums from the releases page to verify against the installed binary.

However, this may not be ideal for organizations looking to automate this process as the shasums will change release to release.

A separate solution for Windows would be to sign the binaries with a digital certificate that specifies the binary was signed and built by Google.