Hello
The GetKeyProperty error you’re encountering with SignTool is likely due to an issue with the certificate you’re trying to use. The GetKeyProperty function is part of the Windows Cryptographic API (CAPI) and is used to retrieve properties of a key. In this case, it seems that SignTool is having trouble loading the signing certificate from the specified location.
The KeySpec property of a certificate specifies whether a private key associated with a certificate can be used for signing, encryption, or both. An incorrect KeySpec value can cause errors. For instance, a KeySpec value of 1 (AT_KEYEXCHANGE) can be used for signing and encryption, while a value of 2 (AT_SIGNATURE) is only used for signing.
You can check the KeySpec value of your certificate using the certutil command-line tool. Here’s an example command: certutil –v –store my. This command dumps the certificate information to the screen. Under CERT_KEY_PROV_INFO_PROP_ID, look for KeySpec.
If you find that the KeySpec value is incorrect, you may need to generate a new certificate with the correct KeySpec value. If you’re using a third-party tool to generate your certificates, make sure it’s configured correctly to generate certificates with the appropriate KeySpec value.
If you continue to encounter issues, it may be helpful to compare the working and non-working certificates in more detail or consult with the provider of your third-party tool for further assistance.