Signtool.exe is not finding my custom KSP RRS feed

  • Question

  • I wrote a custom KSP based on Microsoft's KSP sample from CPDK. I registered the CSP and moved the dll to System32 directory. I'm using below command to sign a exe file.

    signtool.exe sign /f cert.cer /csp "Sample Key Storage Provider" /kc testing-key-container /v /fd sha256 HelloWorld.exe

    However, Signtool.exe is failing with below error
    signtool.exe : SignTool Error: No private key is available.

    I updated my custom CSP to write logs to a file to see if Signtool.exe is even invoking my CSP or not. Surprisingly, I don't see any logs.

    However using `certutil.exe -csp "Sample Key Storage Provider" -csptest` successfully created the logs. This made me realize that Signtool.exe is not even finding my custom CSP. I made sure that the CSP is registered with signing algorithm for RSA.

    What i'm doing wrong here?
    Tuesday, March 17, 2020 8:17 PM