SignatureDescription could not be created for the signature algorithm supplied


While running a ClickOnce 4.5 application, you may receive the below error message:

Untitled

 Once you click on Details… button, it will popup the log file where you can find the below exception:

Following failure messages were detected:
  + Exception reading manifest from file://XXX/ClickOnce/MyApplication.application: the manifest may not be valid or the file could not be opened.
  + Manifest XML signature is not valid.
  + SignatureDescription could not be created for the signature algorithm supplied.

— Inner Exception —
  System.Security.Cryptography.CryptographicException
  – SignatureDescription could not be created for the signature algorithm supplied.
  – Source: System.Security
  – Stack trace:
   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags)
   at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)

The above issue occurs due to the MyApplication.application file,  the hash for that file was generated using SHA-256 algorithm.  You can find the following tag Algorithm=”http://www.w3.org/2000/09/xmldsig#rsa-sha256 /> in the application manifest file.  For more information, please go through the document: http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx#clickonce

This change is due to the fact that we stopped using legacy certificates as default (SHA-1) in NetFX4.5 to sign manifest and instead, use newer version (SHA-256), which is not recognized by NetFx4.0 runtime. Therefore, while parsing the manifest, 4.0 runtime complains of an invalid manifest. For legacy frameworks, when we try to run a ClickOnce app on a box that does not have targeted runtime, ClickOnce pops up a message to user saying “you need xxxx.xx runtime to run this app”. But starting .NET 4.5, if a 4.5 ClickOnce app is run on the box with only .NET 4.0 installed, the message complains about an invalid manifest. In order to resolve the issue, you must install .Net Framework 4.5 on the target system.

 

Latest Update: Starting with VS 2013 Update 3 RC and the soon-to-be released RTM version of the update, this issue has been resolved.  Namely, even if you are using a SHA256 certificate but targeting a lower version of .NET (e.g., 3.5 or 4.0), the manifest will be generated in such a way that it can still run on down-level .NET versions.


Comments (10)

  1. glitch says:

    hope you're right about the RC, just downloading it.

  2. Phil says:

    Does installing of Visual Studio Update 4 help in resolving the error

  3. Yes using VS 2013 update4, it should resolve the issue.

  4. Phil says:

    I've compiled the clickOnce application using VS 2013 and am going to deploy on Windows 2003 server targeting 4.0 framework. Will this work?

  5. Yes it's expected to work.

  6. kali says:

    I am having the same issue, but using Visual studio 2012. Is there any fix if I am using visual studio 2012?

  7. George Birbilis says:

    I see this message when trying to install some extension updates (even NuGet Package Manager update just started showing it) on VS2015RC at Win10 (update from Win8.1Pro)

  8. Early bird says:

    Yeah I see this error when I try to install Productivity Power Tools 2015. My .Net runtime is 4.5.

  9. Please share the log file.

  10. Adam says:

    Here's the log file I get when trying to install NUget with Windows 10 and VS2013 Update 5:

    1/25/2016 9:42:32 PM – Microsoft VSIX Installer

    1/25/2016 9:42:32 PM – ——————————————-

    1/25/2016 9:42:32 PM – Initializing Install…

    1/25/2016 9:42:32 PM – Extension Details…

    1/25/2016 9:42:32 PM – Identifier      : NuGet.0d421874-a3b2-4f67-b53a-ecfce878063b

    1/25/2016 9:42:32 PM – Name            : NuGet Package Manager for Visual Studio 2015

    1/25/2016 9:42:32 PM – Author          : Microsoft Corporation

    1/25/2016 9:42:32 PM – Version         : 3.3.0.167

    1/25/2016 9:42:32 PM – Description     : A collection of tools to automate the process of downloading, installing, upgrading, configuring, and removing packages from a VS Project.

    1/25/2016 9:42:32 PM – Locale          : en-US

    1/25/2016 9:42:32 PM – MoreInfoURL     :

    1/25/2016 9:42:32 PM – InstalledByMSI  : False

    1/25/2016 9:42:32 PM – SupportedFrameworkVersionRange : [0.0,2147483647.2147483647]

    1/25/2016 9:42:32 PM –

    1/25/2016 9:42:32 PM – System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.

      at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)

      at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)

      at System.Security.Cryptography.Xml.SignedXml.CheckSignature(X509Certificate2 certificate, Boolean verifySignatureOnly)

      at MS.Internal.IO.Packaging.XmlDigitalSignatureProcessor.Verify(X509Certificate2 signer)

      at System.IO.Packaging.PackageDigitalSignature.Verify(X509Certificate signingCertificate)

      at System.IO.Packaging.PackageDigitalSignature.Verify()

      at Microsoft.VisualStudio.ExtensionManager.InstallableExtensionImpl.GetSignatureState(ZipPackage vsixPackage)

      at Microsoft.VisualStudio.ExtensionManager.InstallableExtensionImpl.get_SignatureState()

      at VSIXInstaller.App.LogExtensionDetails(IExtension extension)

      at VSIXInstaller.App.InitializeInstall()

      at System.Threading.Tasks.Task.InnerInvoke()

      at System.Threading.Tasks.Task.Execute()