This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 75%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERU%3C/text%3E%3C/svg%3E)
I'm currently using the Trusted Signing Public Preview and would like to report a regression in the DLIB signing tool.
Versions after 1.60 require browser-based authentication on every signing event. In contrast, version 1.60 allowed authentication to persist across signing sessions on a workstation, enabling CI/DevOps workflows.
This change breaks our automation pipelines. If this is a security-driven change, I’d appreciate guidance on a secure and automation-friendly alternative.
Thanks, Rick
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 33%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
We are experiencing the exact same problem with Microsoft.Trusted.Signing.Client 1.0.76, 1.0.86 and the latest 1.0.92. Downloaded from NuGet. A rollback to 1.0.60 fixes the issue.
Which authentication method are you currently using for signing with the dlib?
We are using browser-based authentication. Works perfectly up to version 1.0.60. All versions after that require a new browser identification for each file to be signed.
I'm not sure how to answer that. I'm using signtool.exe. The first time I signed a program file, it opened a browser and I logged in with the identity I created in the Trusted Signing Certificate Profile Signer role.
We are doing the same thing. We call signtool.exe via Windows APIs (not the command line) to code-sign files. When signing two files with separate signtool.exe calls, you must authenticate in the browser twice. If you sign 10 files, you encounter 10 browser prompts. This issue began with version 1.0.76. A rollback to 1.0.60 fixes this immediately!
Browser based authentication for cicd pipelines is generally not recommended, I would strongly suggest using an alternative mechanism such as environment credentials, here are a few FAQs concerning how to use these creds:
That being said, it really depends on the scenario.In the meantime, I'll try and reproduce this on my environment to see if a specific authentication method is causing this behavior.
BTW, I have included a screenshot to demonstrate what happens. Three code-sign actions, three browser prompts. Rollback to 1.0.60 fixes this.
The team rolled out a version of the trusted signing client earlier today, which should include a fix for this regression, please try with version 1.0.95.
As far as I can see, 1.0.95 fixes the issue! Thank you so much.
Thank you so much. We really appreciate the your responsiveness.
Version 1.0.95 fixes the issue.
Thanks for the update.