Forum Discussion

leecroucher's avatar
leecroucher
Copper Contributor
May 17, 2022

signtool cannot sign MSIX files from HSM certificate

I am unable to sign code from signtool.exe using a hardware key provider with this error:

.\signtool.exe sign /fd SHA256 /t http://timestamp.entrust.net/rfc3161ts2 "c:\code\notepad_x64.msix"
Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: c:\code\notepad_x64.msix

Number of errors: 1

 

Why do MSIX files do not sign?

  • Try using a newer version of SignTool. I vaguely remember a customer hitting the same problem last year because he was using an older version.
  • When using SignTool to sign your app package or bundle, the hash algorithm used in SignTool must be the same algorithm you used to package your app. To find out which hash algorithm was used while packaging your app, extract the contents of the app package and inspect the AppxBlockMap.xml file.
  • The error may also occur if the MSIX you are trying to package is corrupt. Can you please try with another MSIX package and see if it fails as well?

Resources