NuGet Error NU3004

Scenario 1

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The package is not signed.
Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': signatureValidationMode is set to require, so packages are allowed only if signed by trusted signers; however, this package is unsigned.

Issue

If from nuget verify -signatures

NuGet client tried to verify an unsigned package.

If from restore or install when specifying signatureValidationMode to require

The require validation mode does not support unsigned package and an unsigned package is trying to be installed.

Solution

Please ensure that any package intended to be installed or passed to nuget verify -signatures command contains a package signature.

Scenario 2

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': This repository indicated that all its packages are repository signed; however, this package is unsigned.

Issue

The repository indicated that all its packages are repository signed. However, an unsigned package was downloaded.

Solution

Warning

This error may happen due to a bug when using multiple NuGet clients (see NuGet/Home#7997). Please upgrade to nuget.exe 5.1.0 or newer, Visual Studio 2019 16.1 or newer, and .NET SDK 2.1.70X or 2.2.30X or newer.

You can check if a package is signed using the dotnet nuget verify or nuget verify commands. If the package is unsigned, please contact the package source as this is unexpected.