"Manifest XML signature is not valid"
Asked Answered
G

2

13

OS: Windows 7 64 bit using Visual Studio Pro 2012 with .NET 4.5 installed.

I used the Publish option within Visual Studios and ensured that I had clicked the Sign the clickOnce manifest and Sign the Assembly. It will still not run on another computer and says I do not have a valid XML signature. I have pasted the error message below.

I have also read: How to move a ClickOnce deployment package, Do I have to sign my ClickOnce manifest?. VS2012 .NET 4.0 Clickonce VSTO CryptographicException: SignatureDescription could not be created for the signature algorithm supplied and several others.

I need to be able to deploy my program on .NET 4.0 at the minimum and I do not have access to another version of Visual Studios. Thanks in Advance!

complete Error Below:


PLATFORM VERSION INFO Windows : 5.1.2600.196608 (Win32NT) Common Language Runtime : 2.0.50727.3603 System.Deployment.dll : 2.0.50727.3053 (netfxsp.050727-3000) mscorwks.dll : 2.0.50727.3603 (GDR.050727-3600) dfdll.dll : 2.0.50727.3053 (netfxsp.050727-3000) dfshim.dll : 4.0.31106.0 (Main.031106-0000)

SOURCES Deployment url : file:///C:/Documents%20and%20Settings/Administrator/Desktop/EatonWizard.application

ERROR SUMMARY Below is a summary of the errors, details of these errors are listed later in the log. * Activation of C:\Documents and Settings\Administrator\Desktop\EatonWizard.application resulted in exception. Following failure messages were detected: + Exception reading manifest from file:///C:/Documents%20and%20Settings/Administrator/Desktop/EatonWizard.application: the manifest may not be valid or the file could not be opened. + Manifest XML signature is not valid. + SignatureDescription could not be created for the signature algorithm supplied.

COMPONENT STORE TRANSACTION FAILURE SUMMARY No transaction error was detected.

WARNINGS There were no warnings during this operation.

OPERATION PROGRESS STATUS * [10/10/2012 2:05:02 PM] : Activation of C:\Documents and Settings\Administrator\Desktop\EatonWizard.application has started.

ERROR DETAILS Following errors were detected during this operation. * [10/10/2012 2:05:02 PM] System.Deployment.Application.InvalidDeploymentException (ManifestParse) - Exception reading manifest from file:///C:/Documents%20and%20Settings/Administrator/Desktop/EatonWizard.application: the manifest may not be valid or the file could not be opened. - Source: System.Deployment - Stack trace: at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri) at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirectBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation) at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options) at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl) at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state) --- Inner Exception --- System.Deployment.Application.InvalidDeploymentException (SignatureValidation) - Manifest XML signature is not valid. - Source: System.Deployment - Stack trace: at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s) at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri) --- Inner Exception --- System.Security.Cryptography.CryptographicException - SignatureDescription could not be created for the signature algorithm supplied. - Source: System.Security - Stack trace: at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key) at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey) at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags) at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)

COMPONENT STORE TRANSACTION DETAILS No transaction information is available.

Guerdon answered 10/10, 2012 at 19:24 Comment(0)
A
36

I had the same problem today. This is how I solved:

What caused the problem: We created a clickonce project using vs2012 and framework 4.5. Then we changed the target framework to 4.0 (client asked to).

The problem is: Framework 4.5 uses SHA-256 algorithm for the signature, and 4.0 uses SHA-1. When we changed the target framework to 4.0 and vs2012 didn't changed the algorithm.

Solution: Change the algorithm manually, generating a new certificate.

Go to Project properties -> signing

You will see the algorithm that is being used in 'Signature Algorithm'. You can create a new test certificate and then you will notice that it changes to 'sha1RSA'

Agnew answered 5/3, 2013 at 18:11 Comment(4)
+1 - Gem! There are a lot of suggestions on the web. For me, this was the answer.Deuterogamy
Indeed, very glad to find such a precise info, and so quickFracture
Hmm... using 2010 and network 4.0 client profile, Sha256 shows up in my manifest a couple of times (mostly sha1 though) -- seems to show up in all the same places for the old version that worked versus the new version that doesn't work (we renewed our key and some clients have an issue installing it now, not sure why).Lemal
I understand what is being said here, but this isn't an answer. A proper valid certificate can not be applied to Code Signing for under framework 4.0. This is a self-signed certificate that is produced by Visual Studio and produces security warnings when used for deployment to customers. ClickOnce really goes to town in warning users about this resulting in a lack of confidence of the deployed product. Any properly licensed Code Signing certificate will be SHA256 from now onEckenrode
E
2

Note, I would have added this as a comment, but due to silly Reputation rules, I can only add an answer!


Beware new code signing certificates

I had this problem recently because our Code Signing certificate needed renewal. So, being blind to the fact that Microsoft haven't patch the XP version of Framework 4 to work with SHA2 certificates during ClickOnce deployment, I told all my clickonce projects to use the new code signing certificate.

As I also do code-based updates of the app rather than just let Microsoft handle it, so that it's a more seamless experience to the end user without them required to press buttons and in the style of my app.

However, I hit a bug where my program didn't report the manifest error, instead it just hung (my bad!). In order to get an update our after working until 3am to discover this problem, I had to create a temporary certificate issued by Visual Studio. The problem with that? Code updates are not seamless any more because microsoft put a stupid dialog up as the publisher is unknown!

So my biggest concern is that yes, OK, XP is not supposedly supported from Monday but that shouldn't mean the Framework 4 shouldn't accept the new certificates if that's what they are pushing to everyone. Microsoft are even actively involved in that push!

The only working answer is as above, you MUST use Visual Studio to create an untrusted temporary certicate, which is rediculous!!! (I still have hope that maybe I didn't find the correct way to use the new certicate)

Eckenrode answered 3/4, 2014 at 12:41 Comment(4)
Hmmm.. I renewed my certificate too -- but my clients that are experiencing this issue are using Windows 7 (x64)...Lemal
Make sure you have the 4.5.1 framework and all it's updates on. If you have just Framework 4 that is where you will experience this.Eckenrode
Of course you can't just change the certificate over night. I don't get why you complain about this, as it would pose a huge security risk.Leman
Actually, you can just change a certificate. But that aside, you've obviously missed the point that the last framework on XP doesn't support SHA2 (sha256) certificates despite knowing they were going to remove SHA1 for some time. Thus, within a year, all XP signed apps will no longer work and can not be re-signed.Eckenrode

© 2022 - 2024 — McMap. All rights reserved.