How do I sign a vsix with azure Trusted Signing Service?

Question

I have moved to Azure Trusted Signing and need to sign a visx file. VsixSignTool only supports PFX files.
https://github.com/vcsjones/OpenOpcSignTool

Seems to support azure key vaults.

Nothing seems to support Azure Trusted Signing.

Answer 1

Hi @David Watson ,

Just to add to Tianyu's answer:

We only support file types supported by SignTool: https://learn.microsoft.com/en-us/azure/trusted-signing/faq#what-types-of-files-can-be-signed-with-trusted-signing

That said, the dotnet/Sign project now has a pre-release version with Trusted Signing integration to expand our support to include VSIX, NuGet, and ClickOnce here: NuGet Gallery | sign 0.9.1-beta.24325.5. Once this is more stable, we will publish information more information on how to use it with Trusted Signing. 

Support for Azure Trusted Signing · Issue #683 · dotnet/sign (github.com)

Hope this helps!

Answer 2

Hello @David Watson,

Thank you for taking time to post this issue in Microsoft Q&A forum.

I have checked but didn’t find the proper tools too.

Either this document: Signing VSIX Packages or this document: Set up signing integrations to use Trusted Signing doesn’t seem to provide any confirmation for whether it’s possible to sign a vsix with Azure Trusted Signing Service. But looks like, it’s not supported currently.

I would recommend also double confirming this here: GitHub-dotnet-sign.

BTW, added Azure tag for better(maybe some confirmations from Azure side) help.

Best Regards,

Tianyu

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.