It is all done in an ANT script, this is the ANT target
Code:
<!-- Sign COD modules to allow access to secure APIs -->
<target name="requestSignature" description="Request signature to access secure APIs on the device">
<java jar="${blackberry.lib.dir}/SignatureTool.jar" fork="true" failonerror="true">
<arg line="-a -C"/>
<arg line="'${output.cod.dir}/${module.name}.cod'"/>
<arg line="'${output.cod.dir}/${options.module.name}.cod'"/>
</java>
</target>
The SignatureTool.jar and sigtool.* files are in ${blackberry.lib.dir} along with all of the other tools like rapc.exe, rapc.jar, net_rim_api.jar