使用 SHA384 时,Clickonce 使用 SHA1 签署代码
我更新了签名证书,发现它是 SHA384,该证书将我的 clickonce 项目签名为 SHA1。我联系了 Sectigo,他们只是告诉我他们不再提供 SHA256。
根据 Sectigo 常见问题解答,他们说我可以请求 SHA256 形式的时间戳,但是在执行此操作时,Visual Studio 2019 会显示“An发生了意外的内部错误”。要么我在 384 上请求时间戳,要么我不使用时间戳服务器,结果是相同的,签名为 SHA1。
我已经找了好几天了,就是找不到解决这个问题的方法。
I renewed my signing certificate and found out that it's a SHA384, this certificate signs my clickonce project as SHA1. I contacted Sectigo and they just told me that they don't provide SHA256 anymore.
According to Sectigo FAQS, they say I can request the timestamp as SHA256, but when doing it, Visual Studio 2019 says "An unexpected internal error has occurred". Either I request timestamp on 384 or I don't use timestamp server, the outcome is the same, signed as SHA1.
I have been looking for days and just can't find a way to solve this problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您在 VS 2022 之前的任何 Visual Studio 版本中使用 sha384 代码签名证书对单击一次部署进行签名,则签名的单击一次部署将出现“未知发布者”问题。由于 mage.exe 中的错误,
mage.exe 已在 Visual Studio 2022 中修复。我升级到 VS 2022 17.3,并且部署现在使用我的新 sha384 正确签名代码签名证书。
关于这个问题的研究让我找到了 MS 开发团队的问题 6732,它在里程碑 VS17(即 VS 2022)中被标记为已修复。因此,我认为 MS 不会针对旧版本的 Visual Studio 修复它。 https://github.com/dotnet/msbuild/issues/6732
If you sign your click once deployment with a sha384 code signing certificate in any Visual Studio version prior to VS 2022, then the signed click once deployment will have the "unknown publisher" problem. Due to a bug in mage.exe
mage.exe has been fixed in Visual Studio 2022. I upgraded to VS 2022 17.3 and the deployment is now signed correctly using my new sha384 code signing certificate.
Research regarding this problem brought me to issue 6732 from the MS developer team and it was marked as fixed in milestone VS17 which is VS 2022. Therefore, I don't think that MS will fix it for older versions of Visual Studio. https://github.com/dotnet/msbuild/issues/6732