Signing with a USB token #1670

Open
ltemimi opened this issue Nov 11, 2024 · 4 comments
@ltemimi

ltemimi commented Nov 11, 2024

Hi, I have renewed my CA certificate and I have been supplied with a USB token. In the past I used:

    bootstrapper.DigitalSignature = new DigitalSignatureBootstrapper()
    {
        PfxFilePath = certificatePath,
        Password = "xxxxx",
        Description = "PlcData-Bundle",
        OptionalArguments = "/v /fd sha256 /tr http://timestamp.comodoca.com?td=sha256 /td sha256"
    };

    project.DigitalSignature = new DigitalSignature
    {
        PfxFilePath = certificatePath,
        Password = "xxxxx",
        Description = "PlcData-Licensing",
        OptionalArguments = "/v /fd sha256 /tr http://timestamp.comodoca.com?td=sha256 /td sha256"
    };
  
Now the certificate is inside the token. Can WixSharp sign using a USB token?

Thanks

@oleg-shilo
Owner

oleg-shilo commented Nov 12, 2024

WixSharp doesn't do much for signing. It calls the DigitalySign method, which simply runs your signing tool (signtool.exe) with the parameters you specified in your code snippet. That's it.

static public int DigitalySign(string fileToSign, string certificateId, string timeURL, string password,

Thus if you know what parameters you need to use to sign with the USB token you can simply specify these parameters in the DigitalSignature initializer.

@ltemimi
Author

ltemimi commented Nov 12, 2024

Hi Oleg, many thanks for your help. I have figured it out; below is what works. Using the certificate thumbprint makes the installer search for the USB token to sign. Hope it will help someone.

    bootstrapper.DigitalSignature = new DigitalSignatureBootstrapper()
    {
        CertificateId = "3624d98639c4105cc492809c396e4013dbca09cc", // Your Thumbprint
        CertificateStore = StoreType.sha1Hash, // This uses the thumbprint
        Description = "Bundle Installer",
        TimeUrl = new Uri("http://timestamp.comodoca.com?td=sha256"),
        HashAlgorithm = HashAlgorithmType.sha256,
        OptionalArguments = "/v"
    };

    project.DigitalSignature = new DigitalSignature
    {
        CertificateId = "3624d98639c4105cc492809c396e4013dbca09cc", // Thumbprint
        CertificateStore = StoreType.sha1Hash, // This uses the thumbprint
        Description = "Loggging Installer",
        TimeUrl = new Uri("http://timestamp.comodoca.com?td=sha256"),
        HashAlgorithm = HashAlgorithmType.sha256,
        OptionalArguments = "/v"
    };



@oleg-shilo
Owner

Great, thank you for sharing

@monty241
Contributor

For completeness, this is the logic we use for CertificateStore with thanks to the original question:

    //
    // DigitalSignature.CertificateId can point to a PFX file, key container name or a certificate SHA1 thumbprint,
    // depending on the CertificateStore.
    //
    if (!string.IsNullOrEmpty(keyFileNamePath))
    {
        newSignature.CertificateId = keyFileNamePath;
        newSignature.CertificateStore = StoreType.file;
    }
    else if (!string.IsNullOrEmpty(keyContainerName))
    {
        newSignature.CertificateId = keyContainerName;
        newSignature.CertificateStore = StoreType.commonName;
    }
    else
    {
        newSignature.CertificateId = DeploymentConfiguration.Current.SigningCertificateSha1Thumbprint;
        newSignature.CertificateStore = StoreType.sha1Hash;
    }
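
An added example, not code from this thread or from WixSharp: a pre-build check that the thumbprint passed as `CertificateId` resolves to a usable code-signing certificate, so an unplugged token or a mistyped thumbprint fails before signtool.exe is run. The class and method names are hypothetical, and it assumes the token's driver publishes the certificate to the `CurrentUser\My` store.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: hypothetical pre-build check, not part of WixSharp.
static class SigningCertCheck
{
    // Strips whitespace and invisible format characters (often picked up when a
    // thumbprint is copied from the certificate dialog), then requires 40 hex digits.
    public static string NormalizeThumbprint(string raw)
    {
        var cleaned = new string((raw ?? "").Where(c => !char.IsWhiteSpace(c)
            && char.GetUnicodeCategory(c) != UnicodeCategory.Format).ToArray());
        if (cleaned.Length != 40 || !cleaned.All(Uri.IsHexDigit))
            throw new ArgumentException("Expected a 40-hex-digit SHA-1 thumbprint.");
        return cleaned.ToUpperInvariant();
    }

    // Assumption: the token middleware publishes the certificate to CurrentUser\My.
    public static X509Certificate2 FindSigningCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so an expired or untrusted match is reported below
            // instead of looking like "not found".
            var cert = store.Certificates
                .Find(X509FindType.FindByThumbprint, NormalizeThumbprint(thumbprint), false)
                .OfType<X509Certificate2>().FirstOrDefault();
            if (cert == null)
                throw new InvalidOperationException("Certificate not in store; is the token plugged in?");
            // HasPrivateKey checks that the store entry references a key; it performs no signing.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Store entry has no associated private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            bool codeSigning = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
                .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == "1.3.6.1.5.5.7.3.3"));
            if (!codeSigning)
                throw new InvalidOperationException("Certificate lacks the Code Signing EKU.");
            return cert;
        }
        finally { store.Close(); }
    }
}
// Usage in the build script: CertificateId = SigningCertCheck.FindSigningCert(thumbprint).Thumbprint
```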
