signing windows binaries

.github/workflows/build_rust.yaml

@@ -83,6 +83,18 @@ jobs:
         if: matrix.os == 'windows-latest'
         run: cp target/release/eim.exe release/${{ matrix.package_name }}/eim.exe
 
+      - name: Sign Windows Binary
+        if: matrix.platform == 'windows-latest'
+        env:
+          WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
+          WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
+          WINDOWS_SIGN_TOOL_PATH: 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\signtool.exe'
+        run: |
+          echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
+          certutil -decode cert.b64 cert.pfx
+          Remove-Item cert.b64
+          & "$env:WINDOWS_SIGN_TOOL_PATH" sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release/${{ matrix.package_name }}/eim.exe
+
       - name: Copy binary to release directory POSIX
         if: matrix.os != 'windows-latest'
         run: |