8
votes

I am trying to use Visual Studio 2012 Express to sign my appx file for a Windows Store app, but get the following error:

SignTool Error: The specified algorithm cannot be used or is invalid

I am running the process through the STORE->Create App Packages menu, so I don't have direct access to the parameters for SignTool.

At first I thought it was because it was using a self-signed certificate from one of our other developers, so I changed to use our real certificate and still have the same problem.

Any ideas what could cause this and how to fix it?

EDIT: Suspected that the issue was that our normal certificate didn't support SHA-256, so I created a new test certificate in Visual Studio, but got the same result.

EDIT2: Verified that the hash algorithm in my appx package is SHA256, tried to run SignTool manually with the following command:

SignTool sign /a /f My_TemporaryKey.pfx /fd SHA256 /v /debug MyAppPackage.appx

Same error, no helpful information in the console messages.

2
Have bumped into the same problem... have you found any solution or workaround? - saurav

2 Answers

0
votes

This happens when the certificate is not installed in the PC where you are trying to sign the application.

Install the .pfx file in the PC and then try to sign your application again. To install it, right-click on the certificate and click on Install. Then follow the procedures to install it in your local computer.
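
One way to check what the answer above describes, as an added example that is not part of the original posts: this PowerShell script reports whether the certificate in a .pfx is present in the user or machine certificate store with its private key, along with its expiry and signature algorithm. The default file name is the one from the question; the parameter name and output layout are assumptions.

```powershell
# Added diagnostic, not from the original posts.
# Run it under the same account that runs SignTool.
param(
    [string]$PfxPath = '.\My_TemporaryKey.pfx'  # file name from the question; adjust as needed
)

$password = Read-Host -AsSecureString 'PFX password'
$fullPath = (Resolve-Path $PfxPath).Path

# Load the certificate from the .pfx to learn its thumbprint and properties.
$pfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullPath, $password)

# Code Signing EKU OID. A certificate with no EKU extension is not restricted by purpose.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'
$eku = $pfxCert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasCodeSigning = (-not $eku) -or
    [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid })

# Look for the same certificate (by thumbprint) in the personal stores.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$installed = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $pfxCert.Thumbprint } |
        ForEach-Object {
            [pscustomobject]@{ Store = $store; HasPrivateKey = $_.HasPrivateKey }
        }
}

[pscustomobject]@{
    Subject            = $pfxCert.Subject
    Thumbprint         = $pfxCert.Thumbprint
    NotAfter           = $pfxCert.NotAfter
    SignatureAlgorithm = $pfxCert.SignatureAlgorithm.FriendlyName
    CodeSigningAllowed = $hasCodeSigning
} | Format-List

if ($installed) {
    $installed | Format-Table -AutoSize
} else {
    Write-Warning 'The certificate from the .pfx was not found in CurrentUser\My or LocalMachine\My.'
}

$pfxCert.Reset()  # release the key material loaded from the file
```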

0
votes

In my case, after dozens of successful executable file signatures using the current company certificate on a legacy Windows XP development machine, I started getting the same error, which seems misleading.

To overcome it I had to change my usual timestamp server, which is SignTool's optional parameter /t or /tr, as suggested by Daniel Georgiev. In this case, I chose http://timestamp.comodoca.com

The solution, since I usually import the company's certificates into my Windows User Certificates Store (*), was as follows.

(*) After importing your certificate, there's no need to specify the .pfx anymore during the signing process.

Signtool.exe sign /t http://timestamp.comodoca.com /a /n "FileToBeSigned.exe" /v "MyExeFullPath" 

In case it still fails, I suggest you check this comprehensive Alternative Timestamp Servers list.