SignTool Error: ISignedCode::Sign returned error: 0x80092006

Question

Hi,

I'm signing an EXE program with a certificate issued by a trusted CA. I'm using signtool.exe from the Windows SDK v6.0a.

The certificate is located in the computer store and it is in the "Personals" folder.

My command line is :

sign /sm /n "My company" /d MyProductName /du http://my.url.com "C:\Setup\setup.exe"

When I run this command on the command line, it works fine. When I run this command in a batch process (called by a webservice, so there is no user logged in when the command is executed), the following error occur :

Number of errors: 1 SignTool Error: ISignedCode::Sign returned error: 0x80092006 No provider was specified for the store or object.

Anybody can help on this ?

Answer 1

I've [just now, just once] experienced the same condition (immediately after a successful invocation with the same parameters except on a different MSI file). Rerunning succeeded on the next execution of the build script. Also using, like you

/sm /d /du

Not using

/n

Additionally using

/t

Answer 2

The problem is that you service process cannot access your private key, which is stored under your account.

Log on into the account that is running the webservice and import the private key into a key container. You can do this e.g. using the strong name tool (sn.exe) of .Net:

sn -i MyCertificate.pfx MyCodeSigningKey

Now, change your build script to use this key container:

signtool sign /sm /a /v /csp "Microsoft Strong Cryptographic Provider" /kc MyCodeSigningKey <other parameters...>

/kc specifies the key container. /kc requires that you specify the "CSP" (Cryptographic Service Provider) via the /csp switch. "Microsoft Strong Cryptographic Provider" is the default provider used by sn