NuGet Warning NU3013

Scenario 1

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The signing certificate has an unsupported signature algorithm.

Issue

The certificate used to sign the package has an unsupported signature algorithm.

Solution

Please ensure that the signing certificate has one of the following signature algorithms -

  • sha256WithRSAEncryption
  • sha384WithRSAEncryption
  • sha512WithRSAEncryption

Scenario 2

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The primary signature's certificate has an unsupported signature algorithm.

Issue

The certificate used to sign the package has an unsupported signature algorithm.

Solution

Please ensure that the package was signed using a certificate with one of the following signature algorithms -

  • sha256WithRSAEncryption
  • sha384WithRSAEncryption
  • sha512WithRSAEncryption

Note

When NuGet’s signature validation mode is set to accept (default), NU3013 is raised as a warning. When NuGet’s signature validation mode is set to require, or when running the nuget verify -signatures command, NU3013 is elevated from a warning to an error.