How to code sign an XML file for Windows 8 Store apps

Question
-
In order to use certain capabilities in Windows 8 Apps (i.e. documentsLibrary), the developer must EV code sign an XML file from Microsoft, as per the dashboard information:
Certain specialized apps can only be submitted from developer accounts which have undergone additional proof of identity verification. This EV status is obtained by downloading and signing an XML file with an EV code-signing certificate. Most developer accounts do not need this additional status.
In addition, apps that declare the documentsLibrary capability can only be submitted from developer accounts which can demonstrate they have acquired an Extended Validation (EV) code signing certificate from a certificate authority (CA). EV status is confirmed by downloading and signing an XML file provided by the Windows Store portal with a valid EV code-signing certificate obtained through Symantec or Digicert.
I have the XML file, and a certificate from Symantec, however I cannot find any documentation on how to code sign an XML file. The closest I can find is an article on the Symantec website about signtool.exe.
But when I try to use signtool with Microsoft's XML file I get the error "This file format cannot be signed because it is not recognized".
So my question is, how do I sign this XML file with my certificate so I can upload my app to the store?
Wednesday, January 15, 2014 9:56 PM
Answers
-
As an FYI to anyone who comes across this, we were able to resolve this issue by having the certificates regenerated as SHA2. They came precompiled from DigiCert as SHA-1, and even though this is the case, the CodeSignForXml.exe will still allow you to compile as SHA-256 without any warnings.
- Proposed as answer by Pavel Sokolov Friday, January 31, 2014 11:15 PM
- Marked as answer by Jonathan S - MSFTModerator Friday, March 7, 2014 1:22 AM
Friday, January 31, 2014 10:35 PM
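The answer above separates two hashes: the one in the certificate's own signature, fixed by the CA at issuance, and the one named in the XML `SignatureMethod`, chosen by the signing tool. The following Python sketch is an added example, not part of the thread or of CodeSignForXml; it reads both so a SHA-1-issued certificate can be spotted before upload. It assumes the certificate is available as DER bytes, and `sample_cert` builds a constructed skeleton with the right outer layout rather than a real certificate.

```python
import re

# X.509 signatureAlgorithm OIDs (RSA, PKCS#1 v1.5) -> hash the CA signed with
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1", "1.2.840.113549.1.1.11": "sha256",
            "1.2.840.113549.1.1.12": "sha384", "1.2.840.113549.1.1.13": "sha512"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(data):
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_signature_hash(der_bytes):
    """Hash in the certificate's own signature (set by the CA at issuance)."""
    _, start, _ = read_tlv(der_bytes, 0)             # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der_bytes, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(der_bytes, tbs_end)   # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(der_bytes, alg_start)
    if tag != 0x06:
        raise ValueError("expected OID in signatureAlgorithm")
    oid = decode_oid(der_bytes[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

def xml_signature_hash(xml_text):
    """Hash named in the XML-DSig SignatureMethod (chosen by the signing tool)."""
    m = re.search(r'<SignatureMethod\s+Algorithm="[^"#]*#rsa-(sha\d+)"', xml_text)
    return m.group(1) if m else None

def der(tag, content):                       # encoder, only to build the sample
    n = len(content)
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(nb)]) + nb) + content

def sample_cert(oid_hex):                    # constructed skeleton, not a real cert
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, bytes(200)) + alg + der(0x03, bytes(257)))

SAMPLE_XML = '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />'
```

With `sample_cert("2a864886f70d010105")` (sha1WithRSAEncryption) the two functions return `sha1` for the certificate and `sha256` for the XML, which is the mismatch the answer reports.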
All replies
-
The tool you're looking for is here: https://codesignforxml.codeplex.com/
Thursday, January 16, 2014 4:21 AM
-
I tried using this tool and after upload I got the error.
"Validation error: Signature method of EV certificate is not supported."
What does this mean and how do I fix it? The certificate is from Symantec and I think the signing algorithm is RSA2048. What "signature methods" are supported?
Looking at the XML file, the entry for "SignatureMethod" is
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
I've tried SHA256, 384 and 512 and get the same error.
- Edited by RoryH1 Thursday, January 16, 2014 11:32 AM
Thursday, January 16, 2014 11:18 AM
-
Dear OP,
Were you ever able to achieve a solution? We are having the exact same problem and everything turns out to be a dead-end.
Friday, January 31, 2014 12:37 AM
-
No, still waiting for a reply from Microsoft. It's frustrating because we've followed Microsoft's instructions exactly yet still get this non-descriptive validation error.
Friday, January 31, 2014 11:01 AM
-
Figures. As an FYI, here's a ticket on stackoverflow that at least is getting some developer feedback:
http://stackoverflow.com/questions/21149046/how-to-code-sign-an-xml-file-for-windows-8-store-apps/21151344#comment32412535_21151344
Friday, January 31, 2014 6:00 PM
-
Hello Rory,
Would you please post your SR # so I can look into your case?
-Eric
Windows Phone Developer Support
Friday, January 31, 2014 6:05 PM Moderator
-
Can you please look into mine as well? We just got a note back from a rep at Microsoft saying that all questions need to be directed here:
SRX1233247600ID
Friday, January 31, 2014 8:15 PM
-
Hello Quaker Oatmeal,
I can see that you contacted support again and are working with another agent. Please continue to work with developer support to resolve your issue.
-Eric
Windows Phone Developer Support
Friday, January 31, 2014 9:41 PM Moderator