none
How to code sign an XML file for Windows 8 Store apps

    Question

  • In order to use certain capabilities in Windows 8 Apps (ie documentsLibrary), the developer must EV Code Sign and XML file from Microsoft, as per the dashboard information:

    Certain specialized apps can only be submitted from developer accounts which have undergone additional proof of identity verification. This EV status is obtained by downloading and signing an XML file with an EV code-signing certificate. Most developer accounts do not need this additional status.

    In addition, apps that declare the documentsLibrary capability can only be submitted from developer accounts which can demonstrate they have acquired an Extended Validation (EV) code signing certificate from a certificate authority (CA). EV status is confirmed by downloading and signing an XML file provided by the Windows Store portal with a valid EV code-signing certificate obtained through Symantec or Digicert.

    I have the XML file, and a certificate from Symantec, however I cannot find any documentation on how to code sign an XML file. The closest I can find is an article on the symantec website about signtool.exe

    But when I try to use signtool with Microsoft's XML file I get the error "This file format cannot be signed because it is not recognized".

    So my question is, how do I sign this XML file with my certificate so I can upload my app to the store?

    Wednesday, January 15, 2014 9:56 PM

Answers

  • As an FYI to anyone who comes across this, we were able to resolve this issue by having the certificates regenerated as SHA2. They came precompiled from digicert as SHA-1, and even though this is the case, the CodeSignForXml.exe will still allow you to compile as SHA-256 without any warnings.
    Friday, January 31, 2014 10:35 PM

All replies

  • The tool you're looking for is here: https://codesignforxml.codeplex.com/
    • Proposed as answer by Ted.D Thursday, January 16, 2014 4:21 AM
    • Unproposed as answer by RoryH1 Thursday, January 16, 2014 4:22 PM
    Thursday, January 16, 2014 4:21 AM
  • I tried using this tool and after upload I got the error.

    "Validation error:   Signature method of EV certificate is not supported."

    What does this mean and how do I fix it? The certificate is from Symantec and I think the signing alogirthm is RSA2048. What "signature methods" are supported?

    Looking at the XML file, the entry for "SignatureMethod" is

    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

    I've tried SHA256, 384 and 512 and get the shame error.
    • Edited by RoryH1 Thursday, January 16, 2014 11:32 AM
    Thursday, January 16, 2014 11:18 AM
  • Dear OP,

    Were you ever able to achieve a solution? We are having the exact same problem and everything turns out to be a dead-end.

    Friday, January 31, 2014 12:37 AM
  • No, still waiting for a reply from Microsoft. It's frustrating because we've followed Microsoft's instructions exactly yet still get this non-descriptive validation error.
    Friday, January 31, 2014 11:01 AM
  • Figures. As an FYI, here's a ticket on stackoverflow that at least is getting some developer feedback:

    http://stackoverflow.com/questions/21149046/how-to-code-sign-an-xml-file-for-windows-8-store-apps/21151344#comment32412535_21151344

    Friday, January 31, 2014 6:00 PM
  • Hello Rory,

    Would you please post your SR # so I can look into your case?

    -Eric


    Windows Phone Developer Support

    Send us your feedback about the Dev Center

    Windows 8 UI Developer Support

    Friday, January 31, 2014 6:05 PM
    Moderator
  • Can you please look into mine as well? We just got a note back from a rep at Microsoft saying that all questions need to be directed here:

    SRX1233247600ID

    Friday, January 31, 2014 8:15 PM
  • Hello Quaker Oatmeal,

    I can see that you contacted support again and are working with another agent. Please continue to work with developer support to resolve your issue.

    -Eric


    Windows Phone Developer Support

    Send us your feedback about the Dev Center

    Windows 8 UI Developer Support

    Friday, January 31, 2014 9:41 PM
    Moderator
  • As an FYI to anyone who comes across this, we were able to resolve this issue by having the certificates regenerated as SHA2. They came precompiled from digicert as SHA-1, and even though this is the case, the CodeSignForXml.exe will still allow you to compile as SHA-256 without any warnings.
    Friday, January 31, 2014 10:35 PM