Signtool.exe succeeds but no signatures are added

  • Question

  • I'm writing a custom CNG provider (Key Storage Provider) to allow signing using our private HSM API in Signtool.exe.

    I implemented the APIs in my CNG provider and successfully installed it on my Windows 10 system.

    I used the command below to sign an executable:

    signtool.exe sign /v /debug /f cert.cer /csp "Sample Key Storage Provider" /k "keyid" /t http://timestamp.digicert.com /fd sha256 helloworld.exe
    

    The command succeeds with return code zero. However, Signtool adds no signatures to the file.

    > signtool.exe verify /v /pa helloworld.exe
    
    Verifying: helloworld.exe
    Signature Index: 0 (Primary Signature)
    Hash of file (sha256): 3338A11DDAB9CBB7B39E65C30F235C2DF8EDE17BB5BE759A3213D25EC286F390
    
    Signing Certificate Chain:
        Issued to: Sample Certificate Authority
        Issued by: Sample Certificate Authority
        Expires:   Fri Feb 07 21:37:36 2070
        SHA1 hash: 2B5B37DADFCBD018BDB2789176A69708FFCA25E0
    
            Issued to: Sample test certificate
            Issued by: Sample Certificate Authority
            Expires:   Thu May 28 13:40:10 2020
            SHA1 hash: A679DF5E89B9C23E57E89AEB434CA98230F52DC3
    
    The signature is timestamped: Sun Mar 29 16:44:01 2020
    Timestamp Verified by:
        Issued to: DigiCert Assured ID Root CA
        Issued by: DigiCert Assured ID Root CA
        Expires:   Sun Nov 09 17:00:00 2031
        SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    
            Issued to: DigiCert SHA2 Assured ID Timestamping CA
            Issued by: DigiCert Assured ID Root CA
            Expires:   Tue Jan 07 05:00:00 2031
            SHA1 hash: 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
    
                Issued to: TIMESTAMP-SHA256-2019-10-15
                Issued by: DigiCert SHA2 Assured ID Timestamping CA
                Expires:   Wed Oct 16 17:00:00 2030
                SHA1 hash: 0325BD505EDA96302DC22F4FA01E4C28BE2834C5
    
    SignTool Error: No signature found.
    
    Number of files successfully Verified: 0
    Number of warnings: 0
    Number of errors: 1

    What could be the issue?

    Tuesday, March 31, 2020 6:13 AM