SignTool Not Signing ClickOnce App Using SHA256, Only Uses SHA1
Problem description
I'm trying to sign my ClickOnce app. I have an EV code signing certificate that is using SHA256. The problem is that when I sign my app using the post build commands, it seems to be using SHA1 instead of SHA256. Here is a clip of the output window:
Running Code Analysis...
1> Code Analysis Complete -- 0 error(s), 0 warning(s)
1> The following certificate was selected:
1> Issued to: Certificate Subject Name Here
1>
1> Issued by: DigiCert EV Code Signing CA (SHA2)
1>
1> Expires: Thu Apr 14 06:00:00 2016
1>
1> SHA1 hash: HASH-HERE
1>
1>
1> Done Adding Additional Store
1> Successfully signed and timestamped: C:\Users\AnyBody\Documents\Visual Studio 2013\Projects\My Project\Project Folder\obj\x86\My Configuration\MyProgram.exe
1>
1>
1> Number of files successfully Signed: 1
1>
1> Number of warnings: 0
1>
1> Number of errors: 0
Here is the post build command I am using:
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /fd SHA256 /t "http://timestamp.digicert.com" /n "Certificate Subject Name Here" /v "$(ProjectDir)obj\x86\$(ConfigurationName)\$(TargetFileName)"
I can see that MyProgram.exe.deploy has the digital signature attached when I look at the file's properties.
There are no errors returned when I run signtool /verify
When I try to launch the app, I get the error "Application validation did not succeed. Unable to continue".
In the details of the error message, there is this line:
+ File, MyProgram.exe, has a different computed hash than specified in manifest.
When I open and look at the manifest, the hash for MyProgram.exe is specified as SHA256
What could be the problem? What is making signtool refuse to use SHA256? From what I've read, it should be using SHA256 by default.
I have uninstalled/reinstalled Visual Studio, Windows SDK, all installed .NET libraries to no avail.
I'm really hoping someone has some idea...
Recommended answer
Are you having this issue with a WPF application? If so signing the executable in the AfterCompile target should resolve your problem. That worked for me.
There is more discussion of this:
Apparently when Phil signs his executable using PostBuild or BeforePublish commands, when the user installs it, he gets the dreaded "exe has a different computed hash than specified in the manifest" error. He found that using AfterCompile instead fixed the problem.
http://robindotnet.wordpress.com/2013/04/14/windows-8-and-clickonce-the-definitive-answer-revisited/
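An added example, not part of the original question or answer: a Python check that recomputes the digests recorded in a ClickOnce application manifest and compares them with the files on disk, which is the comparison behind the "different computed hash" error. The manifest fragment, file contents and function names are constructed for illustration; it assumes the manifest digest covers the raw file bytes, and appended bytes stand in for a signature embedded after the manifest was generated.

```python
import base64, hashlib, os, tempfile
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed manifest fragment (illustrative, reduced to the hash entry).
SAMPLE = """<asmv1:assembly xmlns="urn:schemas-microsoft-com:asm.v2"
 xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 <dependency><dependentAssembly codebase="MyProgram.exe">
  <hash><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
   <dsig:DigestValue>{digest}</dsig:DigestValue></hash>
 </dependentAssembly></dependency>
</asmv1:assembly>"""

def manifest_digests(manifest_xml):
    """Map file name -> (hash algorithm, raw digest) for each entry with a <hash>."""
    digests = {}
    for entry in ET.fromstring(manifest_xml).iter():
        name = entry.get("codebase") or entry.get("name")
        for child in entry:
            if name and child.tag.rsplit("}", 1)[-1] == "hash":
                method = child.find(DSIG + "DigestMethod").get("Algorithm")
                value = child.find(DSIG + "DigestValue").text
                digests[name] = (method.rsplit("#", 1)[-1].lower(), base64.b64decode(value))
    return digests

def read_file(app_dir, name):
    path = os.path.join(app_dir, name.replace("\\", os.sep))
    if not os.path.exists(path):          # published files carry a .deploy suffix
        path += ".deploy"
    with open(path, "rb") as f:
        return f.read()

def check(manifest_xml, app_dir):
    """Return {file: bool}: do the bytes on disk still match the manifest digest?"""
    return {name: hashlib.new(alg, read_file(app_dir, name)).digest() == expected
            for name, (alg, expected) in manifest_digests(manifest_xml).items()}

def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "MyProgram.exe")
        with open(exe, "wb") as f:
            f.write(b"MZ constructed stand-in for the compiled exe")
        digest = hashlib.sha256(read_file(d, "MyProgram.exe")).digest()
        manifest = SAMPLE.format(digest=base64.b64encode(digest).decode())
        before = check(manifest, d)       # manifest generated from these bytes
        with open(exe, "ab") as f:        # stand-in for a signature embedded afterwards
            f.write(b"constructed signature blob")
        return before, check(manifest, d)

if __name__ == "__main__":
    print(demo())
```

Run `check()` with the text of the real application manifest and the publish folder after the signing step; a `False` entry means that file changed after the manifest was generated.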