Multiple PIN requests when code-signing appxbundle from Yubikey RRS feed

  • Question

  • I'm using a Yubikey 4 to securely store a code-signing private key and this works well for normal signing operations: .exe, .msi

    When signing an appxbundle it makes multiple requests for the PIN - I'm assuming one for each contained appx to be signed (around 45).

    It ultimately fails signing the appxbundle. When signing appx it requires the PIN a few times, but does succeed in the end.

    Is there a way to cache the PIN so that its only required once for the whole operation? I've already set the --pin-policy once flag during import, but this doesn't help. Is there something I need to configure regarding the PIN requests, or some kind of security boundary I can script so that it only requires the PIN once?

    Friday, June 14, 2019 9:42 AM

All replies

  • Hi ,

    Since the problem is more related to publishing apps, I'll help you to move this thread to the Publishing Windows Store App Forum. You could get more professional support about publishing apps.

    Thank you for your patience.

    Best regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact

    Monday, June 17, 2019 1:47 AM
  • Thanks

    I've looked into this a bit more, and it looks like it could be an issue with how smart card PINs are handled by Windows 10.  Can anyone confirm or provide more info?

    Tuesday, June 25, 2019 10:59 AM