AzureSignTool incorrectly detects unsigned files as signed

Open Crypt32 opened this issue 1 year ago • 0 comments

Sometimes AzureSignTool incorrectly detects an unsigned file as signed and skips such a file from signing. The issue appears under the following conditions:

  1. The `-s` switch is used
  2. The file being signed contains a certificate, PKCS7 (signed or unsigned) bag as content, embedded resource, etc.
  3. The embedded certificate contains the Code Signing EKU

The root cause is that the X509Certificate.FromSignedFile .NET API is flawed and its description is misleading. More details are in my blog post about this particular issue: https://www.pkisolutions.com/blog/azuresigntool-incorrectly-identifies-unsigned-files-as-signed/

Crypt32, Mar 21 '24 10:03
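A check a build pipeline could run before relying on `-s`, shown as an added example that is not AzureSignTool's code or its fix: it reads the PE certificate table (data directory 4), where an embedded Authenticode signature is stored, instead of searching the file for certificates. `PeSignatureCheck` and `HasAuthenticodeTable` are hypothetical names and the sample image is constructed; the check covers PE files only and reports the presence of a signature entry, not its validity.

```csharp
using System;
using System.IO;

static class PeSignatureCheck
{
    // Hypothetical helper (added example): true only when the PE certificate table has a PKCS#7 entry.
    public static bool HasAuthenticodeTable(Stream fs)
    {
        var r = new BinaryReader(fs);
        fs.Position = 0;
        if (fs.Length < 0x40 || r.ReadUInt16() != 0x5A4D) return false;   // "MZ"
        fs.Position = 0x3C;
        long opt = r.ReadUInt32() + 24L;          // e_lfanew + PE signature + COFF header
        if (opt + 2 > fs.Length) return false;
        fs.Position = opt - 24;
        if (r.ReadUInt32() != 0x00004550) return false;                   // "PE\0\0"
        fs.Position = opt;
        ushort magic = r.ReadUInt16();
        int dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : -1;       // PE32 / PE32+
        if (dirs < 0 || opt + dirs + 40 > fs.Length) return false;
        fs.Position = opt + dirs - 4;
        if (r.ReadUInt32() < 5) return false;     // NumberOfRvaAndSizes must cover index 4
        fs.Position = opt + dirs + 32;            // IMAGE_DIRECTORY_ENTRY_SECURITY (8 * 4)
        long offset = r.ReadUInt32();             // a file offset for this directory, not an RVA
        long size = r.ReadUInt32();
        if (offset == 0 || size < 8 || offset + size > fs.Length) return false;
        fs.Position = offset;                     // WIN_CERTIFICATE header
        uint length = r.ReadUInt32();             // dwLength
        r.ReadUInt16();                           // wRevision
        return length >= 8 && length <= size && r.ReadUInt16() == 2;      // WIN_CERT_TYPE_PKCS_SIGNED_DATA
    }

    static void Main()
    {
        // Constructed sample: minimal PE32+ headers plus filler standing in for embedded certificate content.
        var img = new byte[0x200];
        img[0] = 0x4D; img[1] = 0x5A; img[0x3C] = 0x40;       // "MZ", e_lfanew = 0x40
        img[0x40] = 0x50; img[0x41] = 0x45;                   // "PE\0\0"
        img[0x58] = 0x0B; img[0x59] = 0x02;                   // PE32+ magic
        img[0xC4] = 16;                                       // NumberOfRvaAndSizes
        for (int i = 0x100; i < 0x180; i++) img[i] = 0x30;    // content bytes, not a signature
        Console.WriteLine(HasAuthenticodeTable(new MemoryStream(img)));   // case 1: certificate table empty

        img[0xE8] = 0x80; img[0xE9] = 0x01;                   // certificate table offset 0x180
        img[0xEC] = 8;                                        // certificate table size
        img[0x180] = 8; img[0x185] = 0x02; img[0x186] = 0x02; // dwLength 8, wRevision 0x0200, type 2
        Console.WriteLine(HasAuthenticodeTable(new MemoryStream(img)));   // case 2: certificate table populated
    }
}
```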