Visual Studio 2010 and SHA256 certificates

Question

Visual Studio 2010 and SHA256 certificates

astera123 6

Hello,

Does Visual Studio 2010 and VSTO project with Framework 3.5 understand SHA256 certificates?

By trying to answer this question can you put Microsoft article or any other source?

Tianyu Sun-MSFT 14,741 Reputation points Microsoft Vendor

2020-12-03T02:53:34.96+00:00

Hello @VytautasSlivinskas-0957 , what do you mean about “understand SHA256 certificates”? Do you mean develop VSTO project in Visual Studio 2010 with .NET Framework 3.5 by using some SHA256 related APIs maybe? This is the official document about SHA256 Class and it points that Applies to .NET Framework 1.1, also as you know, “Each new version of .NET Framework adds new features but retains features from previous versions”, so it also applies to .NET Framework 3.5.
astera123 6 Reputation points

2020-12-03T07:37:58.463+00:00

Yes I'm developing VSTO project in Visual Studio 2010 with .NET Framework 3.5

In .vsto file I Found this line: <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

I have bought SHA256 certificate for my Excel COM Add-in. I choose my certificate in Project Properties -> Signing -> Select From File -> entering password -> I can see all info of certificate but if I try to BUILD project I receive error: I will put it in 2 comments cause I see we have here 1000 characters limit.
astera123 6 Reputation points

2020-12-03T07:38:16.947+00:00

System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Users/MyProject/bin/Release/MyProject.vsto: the manifest may not be valid or the file could not be opened. ---> System.Deployment.Application.InvalidDeploymentException: Manifest XML signature is not valid. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags)
at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)
--- End of inner exception stack trace ---
astera123 6 Reputation points

2020-12-03T07:38:24.417+00:00

at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()

Tianyu Sun-MSFT 14,741 Reputation points Microsoft Vendor

2020-12-03T02:53:34.96+00:00

Hello @VytautasSlivinskas-0957 , what do you mean about “understand SHA256 certificates”? Do you mean develop VSTO project in Visual Studio 2010 with .NET Framework 3.5 by using some SHA256 related APIs maybe? This is the official document about SHA256 Class and it points that Applies to .NET Framework 1.1, also as you know, “Each new version of .NET Framework adds new features but retains features from previous versions”, so it also applies to .NET Framework 3.5.
astera123 6 Reputation points

2020-12-03T07:37:58.463+00:00

Yes I'm developing VSTO project in Visual Studio 2010 with .NET Framework 3.5

In .vsto file I Found this line: <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

I have bought SHA256 certificate for my Excel COM Add-in. I choose my certificate in Project Properties -> Signing -> Select From File -> entering password -> I can see all info of certificate but if I try to BUILD project I receive error: I will put it in 2 comments cause I see we have here 1000 characters limit.
astera123 6 Reputation points

2020-12-03T07:38:16.947+00:00

System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Users/MyProject/bin/Release/MyProject.vsto: the manifest may not be valid or the file could not be opened. ---> System.Deployment.Application.InvalidDeploymentException: Manifest XML signature is not valid. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags)
at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)
--- End of inner exception stack trace ---
astera123 6 Reputation points

2020-12-03T07:38:24.417+00:00

at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()

Answer 1

Tianyu Sun-MSFT 14,741 Microsoft Vendor

Hi @VytautasSlivinskas-0957 ,

Thank you for sharing detailed information with me.

It seems that this issue is related to CLR, actually, Visual Studio 2010 is end of support and .NET Framework 3.5 is an old version of .NET Framework, so there are fewer related official documents which mentioned if VS 2010, .NET Framework 3.5, and VSTO project support SHA256.

But, from the error message, I think .NET Framework 3.5 may not support SHA256, so I may suggest you update VS to a higher version, and use .NET Framework 4.0+(If possible).

Best Regards,
Tianyu

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

astera123 6 Reputation points

2020-12-03T14:01:53.15+00:00

@Tianyu Sun-MSFT a bit strange cause vs2010 extended support ended ~6 months ago while .NET Framework 3.5 still has Mainstream support till 2023-10-10.

https://learn.microsoft.com/en-us/lifecycle/products/microsoft-net-framework-35

.NET Framework 4.0 support ended 4 years ago: https://learn.microsoft.com/en-us/lifecycle/products/microsoft-net-framework-40

Visual Studio 2010, VSTO and .NET Framework 3.5 selected because project can run on Office 2007, 2010, 2013, 2016, 2019. If pick newer Visual Studio with Framework 4.5 it means project can run only on Office 2013, 2016 and 2019.

Even framework 3.5 is an "old" its still has mainstream support. Also such issue could be solved for VS2010 too :)?
Tianyu Sun-MSFT 14,741 Reputation points Microsoft Vendor

2020-12-08T09:20:12.363+00:00

Hi @VytautasSlivinskas-0957 , thank you for the feedback. I did some research, it seems that the CLR Security Update is needed but I didn’t find a specified version of CLR Security Update. I may suggest you also start a new thread and ask this questions in MSDN Visual Studio Tools for Office(VSTO) forum and you may get more professional help over there.

Visual Studio 2010 and SHA256 certificates

1 answer

Activity