How do you sign/verify a 2.0 build?

Mar 30, 2007 at 3:46 AM
I've received some fixes from Oleg, so I downloaded the latest source, made fixes and am trying to build/sign the project. I've successfully built Source\Library\Main\Source\Mvp.Xml.csproj (hopefully that is the right project). Now I am trying to run the following lines from the VS2K5 Command Prompt:

signtool sign /a Mvp.Xml.dll
signtool timestamp /t "http://timestamp.verisign.com/scripts/timestamp.dll" Mvp.Xml.dll
signtool verify /a /v Mvp.Xml.dll

The first two steps appear to succeed, but the third outputs:

Verifying: Mvp.Xml.dll
Unable to verify this file using a catalog.
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Signing Certificate Chain:
Issued to: Benefit Technology Resources (Self Certificate)
Issued by: Benefit Technology Resources (Self Certificate)
Expires: 1/1/2013 1:00:00 AM
SHA1 hash: 353276309E6FE3B9AB90D38B554090C555EBBB0B

The signature is timestamped: 3/29/2007 9:42:06 PM
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: 12/31/2020 6:59:59 PM
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: 12/3/2013 6:59:59 PM
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

Issued to: VeriSign Time Stamping Services Signer
Issued by: VeriSign Time Stamping Services CA
Expires: 12/3/2008 6:59:59 PM
SHA1 hash: 817E78267300CB0FE5D631357851DB366123A690

SignTool Error: File not valid: Mvp.Xml.dll

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

I guess I have two questions/issues (as I am very inexperienced in the 'signing' of files):

a) The Benefit Technology Resources (Self Certificate) was generated I believe a long time ago to get around an Excel Add In coding issue I had. Should I be having a Mvp.Xml certificate?

b) When I then try to use the Mvp.Xml.dll component, I get the following (probably expected) error:

Could not load file or assembly 'Mvp.Xml, Version=2.2.0.0, Culture=neutral, PublicKeyToken=6ead800d778c9b9f' or one of its dependencies. Strong name validation failed. (Exception from: HRESULT: 0x8013141A)
Strong name validation failed. (Exception from: HRESULT: 0x8013141A)

Any guidance would be appreciated.
Mar 30, 2007 at 4:00 PM
OK, I think I was going about this the wrong way. Trying to sign with Mvp.Xml 'stuff' is probably wrong (as I assume the intent is that if code was changed it should no longer be signed by you guys indicating a Mvp.Xml 'release').

So I'm trying to sign with our own generated *.snk file and skipping the signtool altogether.

So in the project properties, I've unchecked 'Delay sign only' and specified our *.snk file to sign it with. However, when I try to load the assembly, it still fails. I've tried to use fusion log viewer, but none of the assembly loading 'events' in there fail (unless I'm not catching all required events).

So any help would still be appreciated (note I've tried unchecking the 'Sign the assembly' option but still get error - I don't know how the Mvp.Xml is 'requiring' itself to have a strong name :(.

Terry
Mar 30, 2007 at 4:23 PM
OK, I think I got it to build. Here is what I did:

1) Unchecked 'Delay sign'
2) Signed with my own *.snk
3) Modified the post build step:
ilasm Mvp.Xml.Fixed.il /RESOURCE=Mvp.Xml.res /DLL /OUTPUT="$(TargetFileName)" /KEY=../../BTR.snk
4) Did not digitally sign with signtool.

Then when I built it, it seemed to work (and the bug fixes I received from Oleg work...yay! Thanks Oleg).

If I went about building this the wrong way, please let me know.
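
The thread involves two independent signatures: the strong name produced from the *.snk file and the Authenticode signature produced by signtool. The PowerShell script below is an added example, not part of the original posts or the Mvp.Xml project, that reports both for a rebuilt assembly. It assumes sn.exe from the .NET SDK is on the PATH (as in a Visual Studio command prompt); the parameter names and default path are illustrative.

```powershell
# Added example: report strong-name and Authenticode state of one assembly.
# Assumes sn.exe (.NET SDK) is on PATH; -Path and -ExpectedToken are illustrative names.
param(
    [string]$Path = '.\Mvp.Xml.dll',   # assembly to inspect (assumed location)
    [string]$ExpectedToken = ''        # optional: token that referencing projects expect
)

$full = (Resolve-Path -LiteralPath $Path).Path

# Strong-name identity, read from the manifest without loading the assembly.
$name  = [System.Reflection.AssemblyName]::GetAssemblyName($full)
$bytes = $name.GetPublicKeyToken()
$token = if ($bytes) { -join ($bytes | ForEach-Object { $_.ToString('x2') }) } else { '' }

# Strong-name signature check. -vf forces verification even when the machine
# has a skip-verification entry registered for this assembly or key.
& sn.exe -vf $full | Out-Null
$strongNameValid = ($LASTEXITCODE -eq 0)

# Authenticode (signtool) signature, evaluated against the local trust stores.
$sig = Get-AuthenticodeSignature -FilePath $full

$report = [pscustomobject]@{
    Assembly           = $name.Name
    Version            = $name.Version
    PublicKeyToken     = if ($token) { $token } else { '(none: not strong-named)' }
    TokenMatches       = if ($ExpectedToken) { $token -eq $ExpectedToken.ToLower() } else { $null }
    StrongNameValid    = $strongNameValid
    AuthenticodeStatus = $sig.Status          # e.g. NotSigned, Valid, UnknownError
    AuthenticodeSigner = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    AuthenticodeDetail = $sig.StatusMessage
}
$report | Format-List

# A non-zero exit code lets a post-build step fail the build on a bad result.
if (-not $strongNameValid) { exit 1 }
if ($ExpectedToken -and -not $report.TokenMatches) { exit 2 }
```

An assembly signed with a different *.snk carries a different PublicKeyToken from the one shown in the load error above, so anything compiled against the original identity has to be rebuilt against the new one.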