EDN Admin
How do I use signtool with /CSP option? It cannot find the keys and says "SignTool Error: No certificates were found that met all the given criteria."
I must store signing data in the Crypto Provider Store (CSP) to make it available for use by a (non-log-in) service, but need help getting it to work please...
I exported my certificate, with its private key, from my personal store to a PKCS#12 (pfx) file. The file can be used for signing, so presumably it is valid, like this:
[code]
signtool sign /f mycert.pfx /p password MyBinary.exe
Done Adding Additional Store
Successfully signed: MyBinary.exe
[/code]
Then imported the keys into the CSP using the strong name tool:
[code]
sn -i mycert.pfx MyKC
Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.1
Copyright (c) Microsoft Corporation. All rights reserved.
Enter the password for the PKCS#12 key file:
Key pair installed into MyKC
[/code]
Looks good, but signtool is not able to use it:
[code]
signtool sign /a /v /sm /csp "Microsoft Strong Cryptographic Provider" /kc MyKC /n "mycompany" -d "my app" MyBinary.exe
SignTool Error: No certificates were found that met all the given criteria.
Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
[/code]
What can I do to make this work? I may be missing some obvious command line options, but have run out of ideas. The solution must use the CSP.
Thanks for any suggestions.
Alan
(FWIW the certificate was usually used as a CER file with the sha option to signtool:
[code]
signtool sign -a -v -sha1 "123456789012345678901234567890123456789" -ac mycert.cer -n "mycompany" -t "http://timestamp.verisign.com/scripts/timstamp.dll" -d "my app" MyBinary.exe
[/code]
That works fine but cannot be used under the running service.)