I have a DigiCert SafeNet USB token (EV code signing certificate) that I use with digicertutil.exe each time I need to sign a .exe file.
Problem: I don't want to have to bring this sensitive USB token with me all the time. But still I'd like to be able to codesign a .exe even when the hardware token is not with me (I prefer to leave the USB token in a secure place, once and for all, and not carry it with me).
Is there a way with digicertutil.exe or another tool, to save the certificate into a file, such that I can codesign future .exe without the hardware token?
Or is there a way to allow "Don't ask for the hardware token in the next 15 days, but just the password"?
I've never used a code-signing certificate, and have only an elementary understanding of certificates in general, but I did some searching online, and found the following resources:
This website uses something called "OpenToken". It appears to do exactly what you want. It was posted in December 2018, though. I don't know whether any changes have been made to the USBs to render this code useless.
This superuser answer also seems to do what you want.
It's also possible that DigiCert will duplicate it for you.
Note that any attempts to duplicate the USB may result in the USB getting reset, as this Quora answer mentions.
Also, note that duplicating a certificate USB may be a very, very, very bad idea.
Edit: This Information Security Stack Exchange post notes that USB certificates can just be copied, in which case, maybe you don't need to go to all the trouble of using third-party software to duplicate your certificate.