sometimes AzureSignTool incorrectly detects unsigned file as signed and skips such file from signing. The issue appears under the following conditions:
-s switch is used
file being signed contains a certificate, PKCS7 (signed or unsigned) bag as a content, embedded resource, etc
sometimes AzureSignTool incorrectly detects unsigned file as signed and skips such file from signing. The issue appears under the following conditions:
-sswitch is usedCode SigningEKUThe root cause is because the
X509Certificate.FromSignedFile.NET API is flawed and description is misleading. More details in my blog post about this particular issue: https://www.pkisolutions.com/blog/azuresigntool-incorrectly-identifies-unsigned-files-as-signed/