As you have likely realized SignFile needs a key container with a private key to sign your file. You can read more about key containers and keys here:
Often you'll generate the private/public key pair with makecert. You’ll then use the keys makecert generated when calling signfile.
But, what if you want to sign files on a machine you didn't create the public/private key pair on? In that case you'll need a tool that can:
(1) Export your private key from a named key container.
(2) Import your exported private key to a named key container.
Unfortunately I'm not away of an MS tool that will do this. However, writing such a tool for the desktop should be pretty easy. Look at the CryptExportKey/CryptImportKey API's.
When I get more time I'll post the code for this, or if someone writes this code in the mean time, feel free to attach it to this blog.
[Author: Igor Dvorkin]