How to use signtool to create PKCS#7 file with RSASSA-PSS signature?

Durant Lin 1 Reputation point
2021-05-05T03:13:49.53+00:00

Hi All,
I use signtool to sign a specific file to get a PKCS#7 file, and then extract the signature from the PKCS#7 file.
My command is as below.
"signtool.exe sign /p7 . /fd SHA384 /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /p "" /f rsa3072DebugRsaPss.key.pfx Debug.bin"

But the signature obtained from the PKCS#7 file (Debug.bin.p7) uses the RSASSA-PKCS#1_1.5 padding method.
The CA connected to the pfx (rsa3072DebugRsaPss.key.pfx) is already set to RSASSA-PSS (CA signature algorithm).

How can I get a signature with the RSASSA-PSS padding method in the signtool PKCS#7 file?

Thanks.

Windows API - Win32
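
One way to confirm which padding scheme a .p7 file such as the Debug.bin.p7 from the question actually declares, added here as an example and not part of the thread or of Microsoft's documentation: read the signatureAlgorithm OID of each SignerInfo. It assumes the file is a definite-length DER PKCS#7 SignedData; the function names are hypothetical and `sample_p7` builds a constructed, structure-only sample with dummy signature bytes.

```python
ALGS = {  # PKCS#1 signature OIDs (RFC 8017)
    "1.2.840.113549.1.1.1": "RSASSA-PKCS1-v1_5 (rsaEncryption)",
    "1.2.840.113549.1.1.12": "RSASSA-PKCS1-v1_5 (sha384WithRSAEncryption)",
    "1.2.840.113549.1.1.10": "RSASSA-PSS",
}

def children(buf):  # split a DER value into its (tag, value) elements
    pos, out = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length == 0x80:
            raise ValueError("indefinite-length BER is not handled")
        if length & 0x80:  # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(body):
    arcs, n = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def signer_algorithms(p7_der):
    content_info = children(children(p7_der)[0][1])   # contentType, [0] content
    signed_data = children(children(content_info[1][1])[0][1])
    out = []
    for _, si in children(signed_data[-1][1]):        # last field: signerInfos
        seqs = [v for t, v in children(si) if t == 0x30]
        oid = decode_oid(children(seqs[-1])[0][1])    # last SEQUENCE: signatureAlgorithm
        out.append(ALGS.get(oid, oid))
    return out

def tlv(tag, *parts):  # sample builder; short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_p7(sig_oid_hex):  # constructed sample: structure only, dummy signature
    oid = lambda h: tlv(0x06, bytes.fromhex(h))
    sha384 = tlv(0x30, oid("608648016503040202"))
    sid = tlv(0x30, tlv(0x30), tlv(0x02, b"\x01"))  # issuerAndSerialNumber
    signer = tlv(0x30, tlv(0x02, b"\x01"), sid, sha384,
                 tlv(0x30, oid(sig_oid_hex)), tlv(0x04, b"\x00" * 8))
    signed_data = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x31, sha384),
                      tlv(0x30, oid("2a864886f70d010701")), tlv(0x31, signer))
    return tlv(0x30, oid("2a864886f70d010702"), tlv(0xA0, signed_data))
```

For a real file, pass its bytes, for example `signer_algorithms(open("Debug.bin.p7", "rb").read())`. An OID that is not in `ALGS` is returned in dotted form.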

2 answers

  1. Yuhan Deng 3,766 Reputation points Microsoft Vendor
    2021-05-05T07:40:44.08+00:00

    Hi,
    Hope this will help:
    https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool

    Thanks for your time.
    Best regards,
    Danny

    -----------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Yuhan Deng 3,766 Reputation points Microsoft Vendor
    2021-05-05T08:24:00.78+00:00

    Hi,
    Based on your description, this issue seems related to the Windows API, thus we added the windows-api-general related tag so that it would be easier for you to get support from Windows API engineers.

    Thanks for your understanding.
    Best regards,
    Danny
