Projects
Projects let you save signing configurations for each of your applications. Once configured, you can re-sign with a single click.
Creating a Project
From the Dashboard, click New Project to get started. You will need to provide a project name and select the application you want to sign.
On macOS, point to your .app bundle. On Windows, select
your .exe file. KestrelSign analyzes the target and
detects the framework type (Electron, Qt, Python/fbs, .NET, etc.)
to determine the correct signing strategy.
Project Settings
Each project stores its own signing configuration, including:
- Application path -- the target app bundle or executable
- Signing certificate -- which certificate to use from your store or keychain
- Entitlements (macOS) -- hardened runtime, JIT, unsigned memory, and other entitlement flags
- Timestamp server (Windows) -- the RFC 3161 timestamp URL for Authenticode signatures
- Notarization settings (macOS) -- whether to automatically notarize and staple after signing
- Installer settings (Pro) -- NSIS, DMG, or pkg configuration if building installers
The Project Dashboard
Selecting a project from the list opens the project dashboard. This is your command center for that application. From here you can:
- View the current signing status and last operation details
- Start a new signing operation
- Run signature verification on the target
- Submit for notarization (macOS)
- Build an installer (Pro)
- View reports and logs from previous operations
Framework Detection
KestrelSign automatically detects the framework your application was built with. This matters because different frameworks produce different bundle structures, and the signing sequence must account for nested frameworks, helper applications, and dynamic libraries.
Supported frameworks include Electron, Qt/C++, Python (fbs/PyInstaller), .NET, WPF, Flutter, Tauri, Unity, Java/Swing, and more. For unrecognized structures, KestrelSign falls back to a general-purpose signing strategy that handles most cases.
Inside-Out Signing
Complex app bundles contain nested components that must be signed in a specific order -- from the innermost items outward. KestrelSign handles this automatically. It walks the bundle structure, identifies all signable components, and signs them in the correct sequence.
This is especially important for Electron applications, which contain nested frameworks (Electron Framework, Squirrel helper apps) and dynamic libraries that must each be individually signed before the outer bundle can be signed.
Tip: If you update your application and need to re-sign, simply open the project and click Sign again. KestrelSign re-scans the bundle and handles any structural changes automatically.
Managing Projects
You can rename, duplicate, or delete projects from the project list. Project configurations are stored locally in KestrelSign's database, so they persist across application restarts.
If you move your application to a different directory, update the application path in the project settings. KestrelSign will detect the path change and prompt you to update it.