Forum Discussion
Signtool cannot sign msix file produced by dotnet publish
Used dotnet publish to generate a msix package (from Blazor MAUI project). During the process, dotnet has signed the msix file using our EV certificate, but it did not time-stamp it. So we’ve decided...
Fiza_Azmi
Microsoft
MicrosoftHi AndreiBel
To diagnose this issue accurately, please attach the logs or share the error code that the SignTool is generating.
While signing an MSI and an MSIX package share some similarities, they are different. Please verify that the certificate meets requirements for signing MSIX- See here.
Thanks,
Fiza Azmi
PM, MSIX
- It does not show any error code, it only shows the text " This file format cannot be signed because it is not recognized.".
Here the whole output produced:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe" sign /a /sha1 e392... /tr http://timestamp.digicert.com /fd sha256 /td sha256 /d "Test" /du http://www.winability.com "E:\BlazerPublish\BlazorMauiApp1_1.0.3.0_Test\BlazorMauiApp1_1.0.3.0_x64.msix"
Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: E:\BlazerPublish\BlazorMauiApp1_1.0.3.0_Test\BlazorMauiApp1_1.0.3.0_x64.msix
It does not add anything to the log record under Event Viewer (Local) > Applications and Services Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
Our certificate is EV code signing one. We use it to sign EXEs, DLLs, SYSs, MSIs with no problem. Only MSIX files cannot be signed.
Here is how to easily reproduce this error:
1. Use Visual Studio 2022 to create a fresh new project based on the template .NET Blazor MAUI Application.
2. Use the Publish command with the side-loading option to make it generate an MSIX file.
3. Attempt to use the signtool as in our example to sign the MSIX file.
4. Observe the error.
