Unable to sign msix package: error: This file format cannot be signed because it is not recognized.


I am trying to sign msix package using self signed certificate, I have created self signed certificate using powershell when I sign the msix file from my local using signtool command (SignTool sign /fd sha256 /a /f D:\test.pfx /p password D:\test.msix) the msix file got signed successfully, but in devops when I use the same certificate getting below error :

SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: C:\__w\1\a\OneLake.msix
Below are the tasks used in yaml file:
            displayName'Azure Key VaultMSBIESTier1Testing'
              SecretsFilter: cert
            displayName'MSIX build and package'
              msbuildLocation'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\MSBuild\Current\Bin\MSBuild.exe'
              msbuildArguments'/v:n /nr:false /flp1:Verbosity=d;LogFile=$(OUTPUTROOT)\logs\msbuild_x64_release.log;Encoding=UTF-8 /flp2:logfile=$(OUTPUTROOT)\logs\msbuild_x64_release.err;errorsonly /bl:$(OUTPUTROOT)\logs\msbuild_x64_release.binlog'

  - task: MSIX.msix-ci-automation-task.msix-signing.MsixSigning@1
            displayName: 'Sign MSIX package'
              certificateType: base64
              encodedCertificate: '$(cert)'
Can you please help us here ?
3 Replies

Hi @KalyaniParne,


This seems more like a signtool issue. Can you telll us the version(s) of signtool you are using in your local machine and ADO?

@Aniket_Banerjee : in my local I could see it is 10.0.22000.0(C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x86\signtool.exe), I am not sure how to check in ADO but in the logs I could see this "C:\__w\_tasks\MsixSigning_501a9528-7fa4-4cb5-b8da-79ded62b74eb\1.1.1\lib\signtool.exe"

Any updates on this issue? I'm encountering the same thing.