我刚刚收到了用于我的 EV 代码签名证书的代码签名 eToken(小型 USB 加密狗),我正在尝试使用它来签署我的代码。在 Windows Powershell(以管理员身份运行)中,我正在运行
$signtool_path = "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe"
& $signtool_path sign /debug /n "<My Certificate Name>" /csp "eToken Base Cryptographic Provider" /k "Sectigo_20240215105611" /tr http://timestamp.sectigo.com /td SHA256 /fd SHA256 "C:\path\to\my\application\main.exe"
但它给了我:
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Subject Name filter, 1 certs were left.
The following certificate was selected:
Issued to: <My Certificate Name>
Issued by: Sectigo Public Code Signing CA EV R36
Expires: Sat Feb 14 16:59:59 2026
SHA1 hash: <Some Hash Code>
SignTool Error: An unexpected internal error has occurred.
Error information: "Could not associate private key with certificate." (-2147024891/0x80070005)
我不知道如何解决这个问题。如何让它将私钥与证书关联起来?
最后,有效的方法是(在 Safenet 客户端中)将证书导入到 Windows(实际上并不是 100% 确定这是必要的),然后查找与证书关联的哈希值(您可以通过运行原始命令来看到它)问题,或通过 Safenet 客户端),并使用(ChatGPT 建议的)命令进行签名:
& $signtool_path sign /debug /sha1 <HASH_CODE_FOR_CERTIFICATE> /tr http://timestamp.sectigo.com /td SHA256 /fd SHA256 "C:\PATH\TO\MY\BUILD\main.exe"