leecroucher
Copper Contributor
May 17, 2022
Solved

signtool cannot sign MSIX files from HSM certificate

I am unable to sign code from signtool.exe using a hardware key provider with this error:

.\signtool.exe sign /fd SHA256 /t http://timestamp.entrust.net/rfc3161ts2 "c:\code\notepad_x64.msix"
Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: c:\code\notepad_x64.msix

Number of errors: 1

Why do MSIX files not sign?

  • leecroucher
    Jun 02, 2022
    This group is miles of.....

    https://www.a6n.co.uk/2022/05/msix-update-signing-code-with-timestamp.html

    You need the signtool from Windows 11 and the CN= of the package needs to match the CN= of the certificate

7 Replies

  • The error may also occur if the MSIX you are trying to package is corrupt. Can you please try with another MSIX package and see if it fails as well?
  • When using SignTool to sign your app package or bundle, the hash algorithm used in SignTool must be the same algorithm you used to package your app. To find out which hash algorithm was used while packaging your app, extract the contents of the app package and inspect the AppxBlockMap.xml file.
    • leecroucher
      Copper Contributor

      mridulgupta Checked that file and it's SHA256

      HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"

      Exactly the same hash algorithm as the command used in SignTool, so it's not that?

      • mridulgupta
        Former Employee

        leecroucher Please check the version of the sign tool and the subject of the certificate, if that matches the publisher in the manifest. If it doesn't match, use this script to sign the package.
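A pre-flight check for the two conditions raised in this answer and the reply under it: that the `/fd` value matches the `HashMethod` in AppxBlockMap.xml, and that the certificate subject matches the `Publisher` in the manifest. This is an added example, not code from the thread, from Microsoft or from SignTool; the XML namespaces, the hash-URI-to-`/fd` mapping and the `build_sample_msix` stand-in package are my assumptions, used so the check runs offline.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumed mapping from AppxBlockMap HashMethod URIs to the value SignTool takes for /fd.
HASH_METHOD_TO_FD = {
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
    "http://www.w3.org/2001/04/xmlenc#sha384": "SHA384",
    "http://www.w3.org/2001/04/xmlenc#sha512": "SHA512",
}
# Assumed namespaces of the two package files we read (an MSIX is a zip container).
BLOCKMAP_NS = "http://schemas.microsoft.com/appx/2010/blockmap"
MANIFEST_NS = "http://schemas.microsoft.com/appx/manifest/foundation/windows10"

def inspect_msix(msix_bytes):
    """Return (fd_value_or_None, manifest Publisher) read from the package's own XML."""
    with zipfile.ZipFile(io.BytesIO(msix_bytes)) as z:
        blockmap = ET.fromstring(z.read("AppxBlockMap.xml"))
        manifest = ET.fromstring(z.read("AppxManifest.xml"))
    fd = HASH_METHOD_TO_FD.get(blockmap.get("HashMethod"))
    identity = manifest.find("{%s}Identity" % MANIFEST_NS)
    return fd, identity.get("Publisher")

def _dn_parts(dn):
    """Split an X.500 name into normalised RDNs so CN=/O=/C= order does not matter."""
    return {part.strip().lower() for part in re.split(r"(?<!\\),", dn)}

def check_signing_inputs(msix_bytes, fd_arg, cert_subject):
    """List the reasons signing would fail or be rejected; an empty list means both checks pass."""
    problems = []
    fd, publisher = inspect_msix(msix_bytes)
    if fd is None:
        problems.append("AppxBlockMap.xml uses an unrecognised HashMethod")
    elif fd != fd_arg.upper():
        problems.append("/fd %s does not match package hash %s" % (fd_arg, fd))
    if _dn_parts(publisher) != _dn_parts(cert_subject):
        problems.append("Identity Publisher %r does not match certificate subject %r"
                        % (publisher, cert_subject))
    return problems

def build_sample_msix(hash_uri, publisher):
    """Constructed minimal stand-in for an MSIX: a zip holding only the two XML files we inspect."""
    blockmap = '<BlockMap xmlns="%s" HashMethod="%s"/>' % (BLOCKMAP_NS, hash_uri)
    manifest = ('<Package xmlns="%s"><Identity Name="Example.App" Version="1.0.0.0" '
                'Publisher="%s"/></Package>' % (MANIFEST_NS, publisher))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxBlockMap.xml", blockmap)
        z.writestr("AppxManifest.xml", manifest)
    return buf.getvalue()
```

Against a real package, pass the bytes of the .msix file and the subject string from the certificate in the HSM key store; the first problem in the list is the one to fix before re-running SignTool.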

  • Try using a newer version of SignTool. I vaguely remember a customer hitting the same problem last year because he was using an older version.