How to enforce signing UWP packages for store upload with a specific certificate

Gilad Noy 46 Reputation points
2023-07-03T21:18:57.4766667+00:00

Hello.

We have a UWP published through the MS store using the Microsoft Partner Center.

For security reasons, we want to block uploads of any package, unless it was signed with a private key from a specific certificate.

From a small search and testing, it seems that a package can be successfully uploaded as long as it has the same publisher id and PFN associated with the store, even if the package was signed with different certificates.

Is there a way to make sure the public key and/or thumbprint of the certificate used to sign are also validated when uploading a package?

Thanks,

Gilad.

Universal Windows Platform (UWP)

Accepted answer
  1. Junjie Zhu - MSFT 19,936 Reputation points Microsoft Vendor
    2023-07-04T07:34:31.2933333+00:00

    Hi @Gilad Noy ,

    Welcome to Microsoft Q&A!

    I understand your need is to prevent the creation of malicious software packages on unauthorized PCs. But currently there is no documented UWP API that can do what you want.

    Thank you!
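
Given that the answer above reports no documented API for checking the certificate at upload, the thumbprint check the question asks about can instead be run on the publisher's side as a release-pipeline step before submission. The following is an added example, not part of the thread and not Microsoft's code; the function name `Test-PackageSigner`, the package path and the thumbprint are hypothetical placeholders, and it assumes `Get-AuthenticodeSignature` can read the package's signature on the build machine.

```powershell
# Added example: publisher-side gate run before the package is submitted.
# Placeholder thumbprint, not a value from the thread.
$AllowedThumbprint = '0000000000000000000000000000000000000000'

function Test-PackageSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PackagePath,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    if (-not (Test-Path -LiteralPath $PackagePath -PathType Leaf)) {
        throw "Package not found: $PackagePath"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $PackagePath

    # Unsigned packages carry no signer certificate at all.
    if ($null -eq $sig.SignerCertificate) {
        Write-Warning "No signer certificate on $PackagePath (status: $($sig.Status))"
        return $false
    }

    # 'Valid' means the hash matches and the chain is trusted on this machine,
    # so the signing certificate's issuer must be trusted by the build agent.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is $($sig.Status): $($sig.StatusMessage)"
        return $false
    }

    # Normalise the pinned value: copies from the certificate UI often
    # contain spaces or lower-case hex digits.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $actual   = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()

    if ($actual -ne $expected) {
        Write-Warning "Signer '$($sig.SignerCertificate.Subject)' [$actual] is not the pinned certificate"
        return $false
    }
    return $true
}

# Hypothetical package path; a non-zero exit code fails the pipeline step.
if (-not (Test-PackageSigner -PackagePath '.\MyApp.msix' -ExpectedThumbprint $AllowedThumbprint)) {
    exit 1
}
```

This check only constrains packages that pass through the pipeline it runs in; it does not change what Partner Center accepts.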

