Sherlock

How to sign .msix packages


So, I've been kept from doing things by this little, trivial problem. I've been trying to sign an msix package for days now, and am getting nowhere. I can sign Win32 and Win64 executables just fine, and Delphi will create unsigned msix packages just as well. But I just can't for the life of me sign an msix. I always get the same error message; it does not matter if this package contains my application or just a simple dummy, or if it is win32 or win64:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" sign /v /a /fd SHA256 C:\Win\SignTest\Win64\Release\SignTest\bin\SignTest.msix
The following certificate was selected:
    Issued to: My Company
    Issued by: Certum Extended Validation Code Signing 2021 CA
    Expires:   Sat Jan 08 12:11:18 2028
    SHA1 hash: E7C16794EA23F573DE3EA32B5B564717CE84CC75

Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: C:\Win\SignTest\Win64\Release\SignTest\bin\SignTest.msix

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

I even built the msix externally with the makeappx tool from the SDK, that works just fine (as it should, Delphi uses it as well), but in the end...same error as above as soon as I want to sign the package. 

The AppManifest.xml is in good shape, syntactically and content-wise. The only assets are two png Icons that can be read just fine. The executable itself can be signed with no trouble at all.

 

What am I missing?


Won't the MS Store sign the package for you when you upload it? I dimly remember some mention about this (also for Google and Apple app stores) in a webinar I watched recently.

10 minutes ago, PeterBelow said:

Won't the MS Store sign the package for you when you upload it? I dimly remember some mention about this (also for Google and Apple app stores) in a webinar I watched recently.

Yes for Microsoft Store: we don't have to sign the msix files generated by Delphi if we choose the store deployment.

But MSIX is a container, like APPX was, and Delphi generates one in RELEASE if we choose the "store" distribution and "adhoc" in the project options. Delphi tries to sign it by itself. I'm not sure the msix file generated this way is still valid.

In the past I haven't had any problem with Certum certificates for MSIX files, but I haven't tried since I have a token and use my DProj 2 Win Setup, which uses Inno Setup and Exe Bulk Signing programs to generate a signed installer from the Delphi deployment wizard.

In your command, add the time stamping operation ("https://time.certum.pl" for Certum). It's better to have long-term signatures on files even after your certificate expires.

Edited by Patrick PREMARTIN


I actually don't want to upload to the store. I need this to be able to create a Kiosk application for Windows 10/11. At least that is how I understand what I have found on the net so far. msix is not a must, but recommended. Also signed msix is not a must, but from a customer's POV nice to have. Thanks @Patrick PREMARTIN for the /tr hint. I just shortened the command for ease of use. I really hope once the easy signature works, adding the time server will not be an issue.


I don't know if there is a difference, but have you tried to use:

 

"C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool"

 

2 minutes ago, DelphiUdIT said:

I don't know if there is a difference, but have you tried to use:

 


"C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool"

 

I have, and that uses an older version of signtool:

"C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" sign /v /a /fd SHA256 C:\Win\SignTest\Win64\Release\SignTest\bin\SignTest.msix
The following certificate was selected:
    Issued to: My Company
    Issued by: Certum Extended Validation Code Signing 2021 CA
    Expires:   Sat Jan 08 12:11:18 2028
    SHA1 hash: E7C16794EA23F573DE3EA32B5B564717CE84CC75

Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

File version is 10.0.19041.685. I'm using 10.0.26100.0, which at least gives a slightly better error message.
