diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6de5f070e..5df5f06c2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -428,28 +428,15 @@ jobs:
       - name: Patch Application Directory
         run: |
           cp dist/win/contrib/* appdir/Cryptomator
-      - name: Import codesign cert
-        run: echo -n "$CODESIGN_P12_BASE64" | base64 --decode > $RUNNER_TEMP/codesign.p12
-        env:
-          CODESIGN_P12_BASE64: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
       - name: Codesign
-        run: |
-          SIGNTOOL_PATH="C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe"
-          for BINARY_FILE in `find appdir/Cryptomator -name "*.dll" -o -name "*.exe"`; do
-            ${SIGNTOOL_PATH} sign /v \
-              /f ${RUNNER_TEMP}/codesign.p12 \
-              /d "Cryptomator" \
-              /du "https://cryptomator.org" \
-              /p ${CODESIGN_P12_PW} \
-              /fd SHA256 \
-              /sha1 ${CODESIGN_CERT_SHA1} \
-              /tr "http://timestamp.sectigo.com" \
-              /td SHA256 \
-              ${BINARY_FILE}
-          done
-        env:
-          CODESIGN_P12_PW: ${{ secrets.WIN_CODESIGN_P12_PW }}
-          CODESIGN_CERT_SHA1: FF52240075AD7D14AF25629FDF69635357C7D14B
+        uses: skymatic/code-sign-action@v1
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: FF52240075AD7D14AF25629FDF69635357C7D14B
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: appdir/Cryptomator
+          recursive: true
       - name: Create MSI
         run: >
           ${JAVA_HOME}/bin/jpackage
@@ -463,21 +450,13 @@ jobs:
           --copyright "(C) 2016 - 2021 Skymatic GmbH"
           --app-version "${{ needs.metadata.outputs.versionNum }}"
       - name: Codesign MSI
-        run: |
-          SIGNTOOL_PATH="C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe"
-          ${SIGNTOOL_PATH} sign /v \
-            /f ${RUNNER_TEMP}/codesign.p12 \
-            /d "Cryptomator" \
-            /du "https://cryptomator.org" \
-            /p ${CODESIGN_P12_PW} \
-            /fd SHA256 \
-            /sha1 ${CODESIGN_CERT_SHA1} \
-            /tr "http://timestamp.sectigo.com" \
-            /td SHA256 \
-            installer/Cryptomator-${{ needs.metadata.outputs.versionNum }}.msi
-        env:
-          CODESIGN_P12_PW: ${{ secrets.WIN_CODESIGN_P12_PW }}
-          CODESIGN_CERT_SHA1: FF52240075AD7D14AF25629FDF69635357C7D14B
+        uses: skymatic/code-sign-action@v1
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: FF52240075AD7D14AF25629FDF69635357C7D14B
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: installer
       - name: Upload win-msi
         uses: actions/upload-artifact@v2
         with: