Intel® Fortran Compiler
Build applications that can scale for the future with optimized code designed for Intel® Xeon® and compatible processors.
Announcements
The Intel sign-in experience is changing in February to support enhanced security controls. If you sign in, click here for more information.

Application Signing in Visual Studio

Ted_Lillys
Novice
517 Views

Hello all,

I am attempting to use a post build event to sign a compiled console application using signtool. This is happening after the fact of setting up the solution and projects.  Obviously, it isn't going well since I'm posting a question here. I'm using an environment variable that contains the full path to the signtool.exe.  The build log has the following response:

 

%SIGNTOOL% sign /n “RTI International (Research Triangle Institute Inc)” /sm /tr http://timestamp.entrust.net/rfc3161ts2 /fd sha256 /td sha256 C:\Users\tlillys\Documents\GitHub\minteqa2\src\MINTEQA2\minteqa2\Debug\minteqa2.exe
SignTool Error: No file digest algorithm specified. Please specify the digest algorithm with the /fd flag. Using /fd SHA256 is recommended and more secure than SHA1. Calling signtool with /fd sha1 is equivalent to the previous behavior. In order to select the hash algorithm used in the signing certificate's signature, use the /fd certHash option. 
Project : error PRJ0019: A tool returned an error code from "Signtool"

IT folks here have asked if there are any compiler options/settings that relate to the "digest algorithm". I haven't seen any as I browse through.  

Are there options when setting up a new project/solution that pertain to digest algorithms?

Thanks

Ted

 

Platform deets:

Win 10 box with

Microsoft Visual Studio Professional 2017
Version 15.9.44
VisualStudio.15.Release/15.9.44+28307.1800
Microsoft .NET Framework
Version 4.8.04084

Installed Version: Professional

Intel® Fortran Compiler Package ID: w_oneAPI_2021.3.0.306
Intel® Fortran Compiler – toolkit version: 2021.3.0, extension version 19.2.0062.15, Package ID: w_oneAPI_2021.3.0.306, Copyright © 2002-2021 Intel Corporation. All rights reserved.
* Other names and brands may be claimed as the property of others.

 

Labels (1)
0 Kudos
3 Replies
Steve_Lionel
Black Belt Retired Employee
493 Views

There is absolutely nothing in the compiler relevant to this. I would expect you to put the signing command in a "Post-Build Event". Note that host process environment variables aren't passed into the event process, but it looks to me as if you have inadequately specified the command for the signing tool.

Ted_Lillys
Novice
466 Views

Thanks Steve. I didn't think there would be an option.

What's curious is that the response using the environment variable gives the impression that the signtool.exe was called and responded that the arguments provided were not sufficient, as you observed. If I replace the environment variable with the quoted path to the signtool.exe, the error indicates that the replacement string is not recognized. Once I added "call", I'm back where I started which is an issue with the /fd flag.

Steve_Lionel
Black Belt Retired Employee
462 Views

It would be interesting to see the build log after setting the VS option Tools > Options > Intel Compilers and Libraries > IFORT Intel Fortran Classic > General > Show Environment in Log > True. Zip buildlog.htm and attach it to a reply here. Also, I notice there are "fancy quotes" in your excerpt from the build log - are those actually in the command, or did you run this through Word first?

Reply