VS2012 .NET 4.0 Clickonce VSTO CryptographicException: SignatureDescription could not be created for the signature algorithm supplied

Question

I have a VS2010 .NET 4.0 VSTO Outlook Addin project that I wish to migrate to VS2012 (but keep it in .NET 4.0). It compiles fine, and runs from inside the IDE just fine, bu

Answer 1

I had this exact same error message and was using VS 2013, .NET 4.5, and signing everything correctly with SHA256.

Finally, I found that an older version of VSTO 2010 Runtime was installed (10.0.40303). Once we updated it to 10.0.40820 everything worked fine. Really hope this helps someone, drove me absolutely bonkers for days trying to figure out what was going on.

Answer 2

Same with Visual Studio 2012 RTM. When i deploy the application in a clean Windows 7 ultimate machine i have "SignatureDescription could not be created for the signature algorithm supplied" Exception. Problem solved after the installation of .Net Framework 4.5 on the deployment machine.

Answer 3

Edit: I later found out that the re-sign was the only thing that made this work. Ignore the stuff below about changing the .Net version.

---

I ran into this with a VSTO project, while publishing with Visual Studio 2015, targeting .Net 4.5, and running on a client machine with .Net 4.5. Theoretically I should not be seeing the error, but I found that the application manifest (*.dll.manifest) was still specifying .Net 4.0. It would work correctly the first tie it was run after logging in, but would then fail every time after that.

<dependency>
  <dependentAssembly dependencyType="preRequisite" allowDelayedBinding="true">
    <assemblyIdentity name="Microsoft.Windows.CommonLanguageRuntime" version="4.0.30319.0" />
  </dependentAssembly>
</dependency>

The version for .Net 4.5 is 4.0.30319.18020 as far as I can tell, so I put that in instead.

<dependency>
  <dependentAssembly dependencyType="preRequisite" allowDelayedBinding="true">
    <assemblyIdentity name="Microsoft.Windows.CommonLanguageRuntime" version="4.0.30319.18020" />
  </dependentAssembly>
</dependency>

Then I had to re-sign the application and deployment manifests (*.vsto). See Signing and re-signing manifests in ClickOnce. Here is a PowerShell script I used to do that. It runs out of the Application Files\<application>_<version>\ folder.

# get files only, no directories
$withDeploy = ls -Recurse | where Mode -eq "------" | where Name -Like "*.deploy"

if ($withDeploy.Length -gt 0)
{
    # rename .deploy files
    $withDeploy | %{ Rename-Item -Path $_.FullName -NewName $_.FullName.Replace(".deploy", "") }

    $certPath = "Z:\path\to\your\cert\file"
    $certFile = "$certPath\cert.p12"
    $certPass = "<your_password>"

    # re-sign the application manifest; should be <application>*.dll.manifest
    $manifestFile = ls | where Name -like "*.dll.manifest" | %{ return $_.Name }
    mage -Update $manifestFile -CertFile $certFile -Password $certPass

    # re-sign the deployment manifest; *.vsto
    $vstoFile = ls | where Name -like "*.vsto" | %{ return $_.FullName }
    #mage -Update $vstoFile -AppManifest $manifestFile -CertFile $certFile -Password $certPass

    $otherVstoFile = ls "..\..\" | where Name -like "*.vsto" | %{ return $_.FullName }
    mage -Update $otherVstoFile -AppManifest $manifestFile -CertFile $certFile -Password $certPass
    Copy-Item $otherVstoFile $vstoFile

    # put .deploy back
    $withDeploy | %{ Rename-Item -Path $_.FullName.Replace(".deploy", "") -NewName $_.FullName }
}

Ideally it would be preferable to make a change to the Visual Studio project so that I don't have to do this every time I publish, but I don't see a way to do that, and any solution is better than no solution. I might add this as a post-publish MSBuild action or something, but for now this works.

Answer 4

I solved my problem by creating a new certificate that is used to sign the ClickOnce manifest and generated it using the SHA1 algorithm. You can see the conversation here: http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/eba424ae-f7b7-4530-bb68-db3b9972a31e

Edit 2014-Aug-05:
Visual Studio 2013 Update 3 finally fixes this problem.
http://support.microsoft.com/kb/2933779
From Fixed Issues -> General:

You can use SHA 256 code-signing certificates even for applications that target the .NET Framework 4.0 or an earlier version. Before this update, the .NET Framework 4.5 had to be present on the client computer when a SHA 256 code-signing certificate was used for desktop applications published with ClickOnce or Visual Studio Tools for Office add-ins. If you have used SHA 256 code-signing certificates in the past, and have seen errors such as "The application is improperly formatted," "The manifest may not be valid," "Manifest XML signature is not valid," or "SignatureDescription could not be created for the signature algorithm supplied," this update resolves the problem for re-published and newly-published applications.