search

CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
https://cyclonedx.org/
Apache License 2.0
301 stars 60 forks source link

How to sign a SBOM which is in xml format facing this issue #379

Open itmanju opened 3 months ago

itmanju commented 3 months ago

C:\Users\INMAS34\Downloads>cyclonedx-win-x64.exe sign bom demoproject.xml Loading private key... Loading XML BOM... Generating signature... Unhandled exception: System.Security.Cryptography.CryptographicException: Could not create hash algorithm object. at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument , CanonicalXmlNodeList ) at System.Security.Cryptography.Xml.SignedXml.BuildDigestedReferences() at System.Security.Cryptography.Xml.SignedXml.ComputeSignature() at CycloneDX.Cli.Commands.Sign.SignBomCommand.SignBom(SignBomCommandOptions options) at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context) at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context) at System.CommandLine.Invocation.InvocationPipeline.<>cDisplayClass4_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass23_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass16_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass27_0.<b1>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass25_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b24_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass22_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass11_0.<b0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b10_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<b__0>d.MoveNext()

andreas-hilti commented 3 months ago

@itmanju Which version of cyclonedx-cli were you using? There was an issue in the past https://github.com/CycloneDX/cyclonedx-cli/issues/251 (related to trimming of the application), but this should hopefully be fixed.