This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 28.000000000000004%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Here is the command I'm using:
mage -sign UNSIGNED2.manifest -CertHash <Fingerprint>
When I'm running the above command, 2 hash signatures are getting created. Why?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 55.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHL%3C/text%3E%3C/svg%3E)
Hello,
When you use 'mage' to sign a manifest file, two hash signatures are created because the manifest file contains two different types of content: the manifest itself and the files that it references. The first hash signature is created for the manifest file itself, while the second hash signature is created for the referenced files. This is done to ensure the integrity of both the manifest file and the referenced files, and to prevent any tampering with the contents of the manifest or the referenced files.
Best Regards,
Hania Lian
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Thanks for the help Hania
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
Hello,
If you’re seeing two hash signatures being created, it could be due to a couple of reasons:
Multiple Certificates: If there are multiple certificates that match the provided fingerprint, might be signing the manifest with each one, resulting in multiple hash signatures.
Manifest Types: There are two types of manifests in ClickOnce deployment: the deployment manifest and the application manifest. If you’re signing both, you might see two hash signatures as a result.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hi Hania Lian, thanks for the answer. As I see, the first answer is deleted due to violating the Code of Conduct. But that answer was correct. Can you please again write it out?
It would be a great help.
Sure.
Glad to help you.