How to use Signtool with CSP store? getting "No certificates were found that met all the given cri

EDN Admin

Well-known member
Joined
Aug 7, 2010
Messages
12,794
Location
In the Machine
How do I use signtool with /CSP option? It cannot find the keys and says " SignTool Error: No certificates were found that met all the given criteria ."
I must store signing data in the Crypto Provider Store (CSP) to make it available for use by a (non-log-in) service, but need help getting it to work please...
I exported my certificate, with its private key, from my personal store to a PKCS#12 (pfx) file. The file can be used for signing, so presumably it is valid, like this:

<pre><span> signtool sign /f mycert.pfx /p password MyBinary.exe
<span>Done Adding Additional Store
<span>Successfully signed: MyBinary.exe[/code]

Then imported the keys into the CSP using the strong name tool

<pre><span> sn -i mycert.pfx MyKC
<span>Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.1
<span>Copyright (c) Microsoft Corporation. All rights reserved.

<span>Enter the password for the PKCS#12 key file:
<span>Key pair installed into MyKC[/code]

Looks good, but signtool is not able to use it:

<pre><span> signtool sign /a /v /sm /csp "Microsoft Strong Cryptographic Provider" /kc MyKC /n "mycompany" -d "my app" MyBinary.exe
<span>SignTool Error: No certificates were found that met all the given criteria.

<span>Number of files successfully Signed: 0
<span>Number of warnings: 0
<span>Number of errors: 1
[/code]

What can I do to make this work? I may be missing some obvious command line options, but have run out of ideas. The solution must use the CSP.
Thanks for any suggestions.<br/>
Alan

(Fwiw the certificate was usually used as a CER file with the sha option to signtool:

<pre><span> signtool sign -a -v -sha1 "123456789012345678901234567890123456789"
<span> -ac mycert.cer -n "mycompany" -t "http://timestamp.verisign.com/scripts/timstamp.dll" -d "my app" MyBinary.exe[/code]
That works fine but <span style="text-decoration:underline cannot be used under the running service.)<br/>
<br/>


<br/>

View the full article
 


Write your reply...
Back
Top