Forum Discussion

Brass Contributor

Aug 17, 2025

Why is it impossible to sign a .exe that is included in an msix?

I have a solution that has two projects. One projects makes a wpf exe. I call signtool in the post build step and it signs the .exe no problem. The other wapproj project publishes this into an msix a...

Bogdan Mitrache

Iron Contributor

Aug 21, 2025

Have you tried the built-in options from VS (2019 or 2022) to sign the assembly?
https://learn.microsoft.com/en-us/visualstudio/ide/managing-assembly-and-manifest-signing?view=vs-2022#how-to-sign-an-assembly-in-visual-studio

We sign the files from our packaging tool (Advanced Installer), so I haven't tried lately to sign them directly from VS. However, I see no reason why this shouldn't work.

Disclaimer: I work on the team building Advanced Installer.

TIMOTHY_MANGAN

MVP

Aug 25, 2025

Yes - it is wise to sign the executables that are inside the MSIX also. This is needed for more security conscious customers using things like WDAG, AppLocker, and other software execution protection schemes.

Bogdan's approach is correct for projects that allow this. For others that don't (or only allow authenticode signing), you would use a post build script to perform the exe signing.

And then use the build project for MSIX and get the package signed also.