
How can I specify an E-Mail address when signing a binary file?


The email property is extracted from the emailAddress attribute in the subject distinguished name of your certificate.

You can test this using openssl to generate a self-signed certificate (then you can generate a CSR with an emailAddress and send it to the certificate authority to get a valid end-entity certificate). To test it, follow these steps:

Generate a self-signed certificate using the following openssl command:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

Then you will be asked to enter the following parameters (all for the subject of the certificate):

[screenshot]

To avoid this prompt you can directly specify the subject in the previous command using -subj as follows:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -subj "/C=ES/ST=58/L=Barcelona/O=yourOrgName/OU=yourDept/CN=yourAppName/emailAddress=myEmail@test.com"

Now you can generate a p12 (or pfx) from the generated key and cert using the following command:

openssl pkcs12 -export -out myTestWithMail.pfx -inkey key.pem -in cert.pem

Now you have a p12 (myTestWithMail.pfx) that you can use to sign an exe or dll using the following signtool command. For example, I sign notepad++.exe (as in the examples you link in your question):

signtool.exe sign /f C:\Users\Albert\myTestWithMail.pfx /p 1234 "C:\Program Files (x86)\Notepad++\notepad++.exe"

Note that /f is for the path of your signing key, and /p is the password for your key.

Now you can see the email in the file you signed:

[screenshot]

So finally, if you need a certificate from a certificate authority, you have to generate the CSR specifying emailAddress, for example using this openssl command:

openssl req -new -newkey rsa:2048 -nodes -out yourAppName.csr -keyout yourAppName.key -subj "/C=ES/ST=58/L=Barcelona/O=yourOrgName/OU=yourDept/CN=yourAppName/emailAddress=myEmail@test.com"

Or alternatively, without the -subj parameter, enter the correct values for the subject distinguished name when prompted:

openssl req -new -newkey rsa:2048 -nodes -out yourAppName.csr -keyout yourAppName.key

Hope this helps,
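The same procedure as a runnable script, added here as an example rather than taken from the answer above: it builds the self-signed certificate with emailAddress in the subject, exports the PFX with the answer's password 1234, and then reads the emailAddress back out of both the PEM certificate and the PFX. That read-back is the check worth doing before signing: if the email is missing from the certificate, signtool cannot add it later. It assumes openssl is on PATH and uses the answer's placeholder subject values; signtool is Windows-only and is only printed, not run.

```shell
#!/bin/sh
# Added example (not the original answer's code). Assumes: openssl on PATH.
# Subject values are the placeholders used in the answer; 1234 is the PFX
# password from the answer's signtool command.
set -eu

SUBJECT="/C=ES/ST=58/L=Barcelona/O=yourOrgName/OU=yourDept/CN=yourAppName/emailAddress=myEmail@test.com"
PFX_PASS="1234"

# Minimal req config so the script does not depend on a system openssl.cnf;
# the whole subject comes from -subj.
write_req_config() {
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$1"
}

# make_self_signed_cert DIR : writes DIR/key.pem, DIR/cert.pem and
# DIR/myTestWithMail.pfx (same file names as in the answer).
make_self_signed_cert() {
    dir="$1"
    write_req_config "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/req.cnf" -subj "$SUBJECT" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    openssl pkcs12 -export -out "$dir/myTestWithMail.pfx" \
        -inkey "$dir/key.pem" -in "$dir/cert.pem" -passout "pass:$PFX_PASS"
}

# cert_email CERT.pem : prints the emailAddress attribute of the subject DN.
# RFC2253 name formatting gives the same "emailAddress=...," layout across
# openssl versions, so a single sed pattern is enough to pull it out.
cert_email() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*emailAddress=\([^,]*\).*/\1/p'
}

# pfx_email FILE.pfx PASSWORD : extracts the end-entity certificate from the
# PFX and prints its emailAddress (this is the certificate signtool will use).
pfx_email() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*emailAddress=\([^,]*\).*/\1/p'
}

# check_pfx_has_email : builds everything in a temp dir and succeeds only if
# both the PEM certificate and the PFX carry the expected email.
check_pfx_has_email() {
    dir=$(mktemp -d)
    make_self_signed_cert "$dir"
    from_pem=$(cert_email "$dir/cert.pem")
    from_pfx=$(pfx_email "$dir/myTestWithMail.pfx" "$PFX_PASS")
    rm -rf "$dir"
    [ "$from_pem" = "myEmail@test.com" ] && [ "$from_pfx" = "myEmail@test.com" ]
}

# Demo when run as "sh script.sh demo": build the files, show the email that
# was read back, and print the signtool command to run on Windows afterwards.
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_self_signed_cert "$work"
    echo "cert.pem emailAddress: $(cert_email "$work/cert.pem")"
    echo "pfx emailAddress:      $(pfx_email "$work/myTestWithMail.pfx" "$PFX_PASS")"
    echo "Next, on Windows: signtool.exe sign /f $work/myTestWithMail.pfx /p $PFX_PASS path\\to\\your.exe"
fi
```

Run it with `sh script.sh demo`; if the second line prints an empty value, the PFX you are about to hand to signtool has no emailAddress and the signed file will show the email as unavailable.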


Short answer: Yes, the e-mail address is part of the certificate and no, you cannot specify it when signing a binary file.

Long answer: @albciff pointed out how to generate a certificate which has an email address associated with it but it seems you're out of luck in case you bought the certificate from Thawte; my colleague asked this exact question to the technical support of our certificate provider (Thawte) which replied:

When enrolling for a Code Signing certificate the email address used is not part of the validation process. Unfortunately, because the email is not part of the validation process it will not be included in the properties of the signed code.

Furthermore, tech support referred us to this article in the 'Thawte Knowledge Center' which explains:

The e-mail address always appears as "not available" when viewing the properties of signed code. This is because the certificate validates the organization but requires no information about the e-mail address of the organization. Thus, we have validated the organization, but have not validated the e-mail. This in no way lessens the value or usefulness of your ID.

So not only is the email address part of the certificate, but whether you can associate an email address with the certificate also depends on who issued the certificate.