I'm trying to sign my clickonce app. I have an EV code signing certificate that is using SHA256. The problem is that when I sign my app using the post build commands, it seems to be using SHA1 instead of SHA256. Here is a clip of the output window:
Running Code Analysis...
1> Code Analysis Complete -- 0 error(s), 0 warning(s)
1> The following certificate was selected:
1> Issued to: Certificate Subject Name Here
1>
1> Issued by: DigiCert EV Code Signing CA (SHA2)
1>
1> Expires: Thu Apr 14 06:00:00 2016
1>
1> SHA1 hash: HASH-HERE
1>
1>
1> Done Adding Additional Store
1> Successfully signed and timestamped: C:\Users\AnyBody\Documents\Visual Studio 2013\Projects\My Project\Project Folder\obj\x86\My Configuration\MyProgram.exe
1>
1>
1> Number of files successfully Signed: 1
1>
1> Number of warnings: 0
1>
1> Number of errors: 0
Here is the post build command I am using:
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /fd SHA256 /t "http://timestamp.digicert.com" /n "Certificate Subject Name Here" /v "$(ProjectDir)obj\x86\$(ConfigurationName)\$(TargetFileName)"
I can see that MyProgram.exe.deploy has the digital signature attached when I look at the file's properties.
There are no errors returned when i run signtool /verify
When I try to launch the app, I get the error "Application validation did not succeed. Unable to continue".
In the details of the error message, there is this line:
+ File, MyProgram.exe, has a different computed hash than specified in manifest.
When I open and look at the manifest, the hash for MyProgram.exe is specified as SHA256
What could be the problem? What is making signtool refuse to use SHA256? From what I've read, it should be using SHA256 by default.
I have unistalled/reinstalled visual studio, windows sdk, all installed .net libraries to no avail.
I'm really hoping someone has some idea...
https://stackoverflow.com/questions/21844014
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian