We are using Nant to prepare setup of our software using Clickonce.
Using signtool to sign dll(s) and exe(s).
signtool command : signtool sign /f ${certFile} /p ${certFilePwd} {path of setup.exe}
Using Mt.exe to embed manifests in exe files.
Mt command : mt -manifest {manifest file} -outputresource:{filepath};#1
We have two exe files. One is our app.exe and second is setup.exe(bootstrapper created by clickonce)
There is no issue with app.exe in signing after embedding manifests.
But signing of setup.exe after embedding manifest is giving below error:
SignTool Error: SignedCode::Sign returned error: 0x80070057. The parameter is incorrect.
manifest file contains:
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker"
uiAccess="false"></ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
No error if I do sign before embedding manifest but it cant work as any file needs resigning after changes.
I also tried following steps:
Does any have solution/workaround of this problem?
I can't find a source to cite, but I ran into a similar problem a while ago and you can't sign a setup.exe that has been previously signed. You can generate your bootstrapper from scratch (see MSDN), apply your manifest and then sign it (for the first time!) and it should work.
Sometimes, an obfuscator tool produced an un-signable file. meaning, the signtool was returning error 0x80070057 for anything I tried.
I've also noticed that the Version and Language properties are blank on the 'invalid' file see
So, my conclusion is that it's an issue with the file itself and not with the sign tool or sign server.
User contributions licensed under CC BY-SA 3.0