locked
VSIXSignTool - error 80510029 RRS feed

  • Question

  • I am trying to use the VSIXSigntool to sign an extension using a Thawte Code Signing Certificate.

    I downloaded the tool from https://www.nuget.org/packages/Microsoft.VSSDK.Vsixsigntool/15.4.27004

    My command line

    c:\temp\vsixsigntool.exe  sign /v /t http://timestamp.globalsign.com/scripts/timestamp.dll  /f "C:\dev\projects\2017.pfx" /p "chdg3731"  /sha1 b8786ee69074ec2f50f6555e5d8c75dbb3693e2d "c:\temp\test.vsix"

    It tells me the following certificate was selected (I needed to specify the SHA1 of the cert in order to select the correct certificate)

    The following certificate was selected:
            Issued to  : COMPANY NAME
            Issued by  : thawte SHA256 Code Signing CA
            From       : Mon Jun 19 13:00:00 2017
            Expiry     : Sun Jun 21 12:59:59 2020
            Sign Method: RSA/SHA256
            SHA1 hash  : b8 78 6e e6 90 74 ec 2f  50 f6 55 5e 5d 8c 75 db b3 69 3e 2d


    I then get the following error

    VsixSignTool Error: Could not sign package "c:\temp\test.vsix": Error Code - 80510029.

    It does it for all vsix files....

    The error code 80510029 has this error description

    The SignatureProperty element with the Id attribute value of "idSignatureTime" does not exist or is not correctly constructed.

    I do not know what that means or how to fix it.

    I did find a code example from Jeff Wilcox - http://www.jeff.wilcox.name/2010/03/vsixcodesigning/ and that will sign the file without issue.

    I however need to have the signed file timestamped and Jeffs code nicely left that out of his sample.

    Any thoughts on how to proceed?



    Chris Crowe

    Sunday, October 29, 2017 10:48 PM

All replies

  • Chris,

    Try to have only one certificate in the .pfx file.

    Alternatively, you can sign with a certificate from a Windows certificates store:

    https://social.msdn.microsoft.com/Forums/en-US/64e21cf2-a0b8-430f-826b-f7c5626c0b02/using-vsixsigntool-with-windows-certificates-store?forum=vsx

    Second alternative is to try OpenVsixSignTool:

    https://github.com/vcsjones/OpenOpcSignTool



    Sergey Vlasov | Vlasov Studio | Visual Studio extensions and tools



    Monday, October 30, 2017 5:32 AM
  • Thanks for the options - Although I get a success message with the OpenVSIXSignTool when I open the VSIX it says it has an invalid signature.

    I will see what I can do with the single certificate as the current one has 4 certificates in it.

    Chris


    Chris Crowe

    Wednesday, November 1, 2017 10:57 PM
  • I created a new certificate with just the code signing certificate but I still get the same error with the Microsoft tool.

    What version of the tool works for you?

    I tried 15.4.27004 and also the first version on the nuget site  with the same result. 

    Chris


    Chris Crowe

    Thursday, November 2, 2017 1:49 AM
  • Chris,

    I used Microsoft.VSSDK.Vsixsigntool.14.1.24720 and I didn't use the /sha1 switch.


    Sergey Vlasov | Vlasov Studio | Visual Studio extensions and tools


    Thursday, November 2, 2017 5:08 PM
  • I tried the same version as you but still get the same issue.

    It must be something with my certificate which works for code signing normally and does not expire until mid 2020.

    I even tried it with out previous code signing cert (expired) and it fails with the same error code.

    Ours is issued by thawte SHA256 Code Signing CA

    Enhanced Key Usage: Code Signing (1.3.6.1.5.5.7.3.3)

    Key Usage: Digital Signature (80)

    Chris


    Chris Crowe

    Thursday, November 2, 2017 7:54 PM