locked
how to run VSIXSignTool RRS feed

  • Question

  • following the steps to sign a VSIX package
    https://msdn.microsoft.com/en-us/library/dd997171.aspx

    step 4 says "... You can now run the VSIXSignTool from the project’s local packages location ..."  

    What does that mean? Do I run from the CMD line?

    and what does this tool do for me that the signing tab of project properties does not?

    thanks,

    Tuesday, December 27, 2016 11:55 AM

Answers

  • Hi Steve Richter,

    >>What does that mean? Do I run from the CMD line?

    Yes, if you install the Package, you could the vsixsigntool.exe file in the package folder. then use it in CMD line.

    >>and what does this tool do for me that the signing tab of project properties does not?

    From the document, it describe signing with a password protected certificate file.

    Best regards,

    Cole Wu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Steve Richter Saturday, January 14, 2017 2:00 PM
    Wednesday, December 28, 2016 2:40 PM
  • Hi Steve,

    1. If you use Nuget in your Visual Studio solution to get the VSIXSignTool downloaded to your computer, a "packages" folder is created in the folder that contains your .sln file. Inside that "packages" folder there should be another folder that contains the VSIXSignTool. And then, you need to use a command prompt to execute it manually, or create some script that executes it.

    2. The Signing tab of the project properties (or the sn.exe tool of the .NET Framework SDK) signs the assembly with a strong name. This applies to any kind of VS project that generates a dll or exe. The certificate to sign an assembly is a .snk file that you can generate by yourself (keeping the private key safe). See: Strong-Named Assemblies.

    The VSIXSignTool signs the .vsix file (not the assembly). A .vsix file internally is a .zip file that contains an assembly (strong-named or not) and other files (Vsix manifest, etc.). The certificate to sign a .vsix file cannot be generated by yourself (well, you can, but nobody would trust it), it is a code-signing certificate that an authority generates for you (paying). See: Introduction to Code Signing


    My portal and blog about VSX: http://www.visualstudioextensibility.com
    Twitter: https://twitter.com/VSExtensibility
    MZ-Tools productivity extension for Visual Studio: https://www.mztools.com


    Tuesday, January 3, 2017 5:08 PM

All replies

  • Hi Steve Richter,

    >>What does that mean? Do I run from the CMD line?

    Yes, if you install the Package, you could the vsixsigntool.exe file in the package folder. then use it in CMD line.

    >>and what does this tool do for me that the signing tab of project properties does not?

    From the document, it describe signing with a password protected certificate file.

    Best regards,

    Cole Wu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Steve Richter Saturday, January 14, 2017 2:00 PM
    Wednesday, December 28, 2016 2:40 PM
  • Hi Steve,

    1. If you use Nuget in your Visual Studio solution to get the VSIXSignTool downloaded to your computer, a "packages" folder is created in the folder that contains your .sln file. Inside that "packages" folder there should be another folder that contains the VSIXSignTool. And then, you need to use a command prompt to execute it manually, or create some script that executes it.

    2. The Signing tab of the project properties (or the sn.exe tool of the .NET Framework SDK) signs the assembly with a strong name. This applies to any kind of VS project that generates a dll or exe. The certificate to sign an assembly is a .snk file that you can generate by yourself (keeping the private key safe). See: Strong-Named Assemblies.

    The VSIXSignTool signs the .vsix file (not the assembly). A .vsix file internally is a .zip file that contains an assembly (strong-named or not) and other files (Vsix manifest, etc.). The certificate to sign a .vsix file cannot be generated by yourself (well, you can, but nobody would trust it), it is a code-signing certificate that an authority generates for you (paying). See: Introduction to Code Signing


    My portal and blog about VSX: http://www.visualstudioextensibility.com
    Twitter: https://twitter.com/VSExtensibility
    MZ-Tools productivity extension for Visual Studio: https://www.mztools.com


    Tuesday, January 3, 2017 5:08 PM