
Creating the certificates as described in

https://sahajrana.medium.com/how-to-generate-a-pfx-certificate-for-flutter-windows-msix-lib-a860cdcebb8

using OpenSSL as described, I get a certificate with these parameters:

Certificate bag
Bag Attributes
    localKeyID: XXX
subject=C = DE, ST = Berlin, L = Berlin, O = COMPANY
issuer=C = DE, ST = Berlin, L = Berlin, O = COMPANY
-----BEGIN CERTIFICATE-----

and the following error; it seems "ST" is not valid for the MSIX packaging tool...

'C=DE, ST=Berlin, L=Berlin, O=COMPANY' verstößt gegen pattern-Einschränkung von '(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID.(0|[1-9][0-9])(.(0|[1-9][0-9]))+))=(([^,+="<>#;])+|".")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID.(0|[1-9][0-9])(.(0|[1-9][0-9]))+))=(([^,+="<>#;])+|".")))'.
Analyse des Attributs 'Publisher' mit dem Wert 'C=DE, ST=Berlin, L=Berlin, O=COMPANY' fehlgeschlagen.
Cleaning up output file ...
MakeAppx : error: Failure at (CreatePackage( overwrite, hashAlgorithm, fileList, outputPath, manifestStream.Get(), forceCompressionNone, performanceOptions, encryptPackage, encryptionOptions, cgmPath, mainPackagePathForResourceExemption, makepriExeFullPath)) - 0x80080204 - The specified package format is not valid: The package manifest is not valid.
MakeAppx : error: Package creation failed.
MakeAppx : error: 0x80080204 - The specified package format is not valid: The package manifest is not valid.

How can I solve this problem?

The AppXManifest:

<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" 
         xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" 
         xmlns:uap2="http://schemas.microsoft.com/appx/manifest/uap/windows10/2" 
         xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" 
         xmlns:uap4="http://schemas.microsoft.com/appx/manifest/uap/windows10/4" 
         xmlns:uap6="http://schemas.microsoft.com/appx/manifest/uap/windows10/6" 
         xmlns:uap7="http://schemas.microsoft.com/appx/manifest/uap/windows10/7" 
         xmlns:uap8="http://schemas.microsoft.com/appx/manifest/uap/windows10/8" 
         xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" 
         xmlns:iot="http://schemas.microsoft.com/appx/manifest/iot/windows10" 
         xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10" 
         xmlns:desktop2="http://schemas.microsoft.com/appx/manifest/desktop/windows10/2" 
         xmlns:desktop6="http://schemas.microsoft.com/appx/manifest/desktop/windows10/6" 
         xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" 
         xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3" 
         xmlns:rescap6="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/6" 
         xmlns:com="http://schemas.microsoft.com/appx/manifest/com/windows10" 
         xmlns:com2="http://schemas.microsoft.com/appx/manifest/com/windows10/2" 
         xmlns:com3="http://schemas.microsoft.com/appx/manifest/com/windows10/3">
  <Identity Name="com.eygsl.cbs" Version="1.0.0.0"
            Publisher="C=DE, S=Berlin, L=Berlin, O=COMPANY, CN=OurCompany" ProcessorArchitecture="x64" />
  <Properties>
    <DisplayName>AppName</DisplayName>
    <PublisherDisplayName>OurCompany</PublisherDisplayName>
    <Logo>icons/icon.png</Logo>
    <Description>AppName</Description>
  </Properties>
  <Resources>
    <Resource Language="en-us" />
  </Resources>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.19042.630" />
  </Dependencies>
  <Capabilities>
    <rescap:Capability Name="runFullTrust" />
    <Capability Name="internetClient" />
    <DeviceCapability Name="location" />
    <DeviceCapability Name="microphone" />
    <DeviceCapability Name="webcam" />
  </Capabilities>
  <Applications>
    <Application Id="AppName" Executable="test.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements BackgroundColor="transparent"
        DisplayName="AppName" Square150x150Logo="icons/150_150.png"
        Square44x44Logo="icons/44_44.png" Description="AppName" >
        <uap:DefaultTile ShortName="AppName" Square310x310Logo="icons/150_150.png"
        Square71x71Logo="icons/44_44.png" Wide310x150Logo="icons/150_150.png">
          <uap:ShowNameOnTiles>
            <uap:ShowOn Tile="square150x150Logo"/>
            <uap:ShowOn Tile="square310x310Logo"/>
            <uap:ShowOn Tile="wide310x150Logo"/>
          </uap:ShowNameOnTiles>
        </uap:DefaultTile>
        <uap:SplashScreen Image="icons/150_150.png"/>
        <uap:LockScreen BadgeLogo="icons/150_150.png" Notification="badge"/>
      </uap:VisualElements>
    </Application>
  </Applications>
</Package>
derChris

1 Answer

The State or Province field of the subject is encoded in ASN.1 and identified with the object identifier 2.5.4.8. So the display of S or ST is just a view interpreted by the client used to display the certificate.

I'm sorry to say, but there is no way to generate a certificate with "s" for state instead of "st".

Have you checked that your manifest is correct? The error says: The package manifest is not valid

I tried to reproduce the issue. I do not have/use flutter, so I did the following:

  1. Created a self signed test certificate with a State in the subject name.
  2. Downloaded the MSIX Packaging Tool from here
  3. Started the tool and created a package

[Screenshot: MSIX Packaging Tool]

[Screenshot: Digital Signature on the Package]

Here is the manifest that I extracted out of the package:

<?xml version="1.0" ?>
<Package IgnorableNamespaces="uap10 rescap" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10">
  <!--Package created by MSIX Packaging Tool version: 1.2021.709.0-->
  <Identity Name="MyPackage" ProcessorArchitecture="x64" Publisher="C=DE, S=Berlin, L=Berlin, O=COMPANY, CN=OurCompany" Version="1.0.0.0"/>
  <Properties>
    <DisplayName>MyPackage</DisplayName>
    <PublisherDisplayName>COMPANY</PublisherDisplayName>
    <Description>My Description</Description>
    <Logo>Assets\StoreLogo.png</Logo>
    <uap10:PackageIntegrity>
      <uap10:Content Enforcement="on"/>
    </uap10:PackageIntegrity>
  </Properties>
  <Resources>
    <Resource Language="en-us"/>
  </Resources>
  <Dependencies>
    <TargetDeviceFamily MaxVersionTested="10.0.19041.1" MinVersion="10.0.17763.0" Name="Windows.Desktop"/>
  </Dependencies>
  <Capabilities>
    <rescap:Capability Name="runFullTrust"/>
  </Capabilities>
</Package>

Here is the TEST-Certificate (PFX with password 1234) I generated just for reproduction:


So the problem, as the error says (Analyse des Attributs 'Publisher' mit dem Wert 'C=DE, ST=Berlin), seems to be the Publisher attribute of the manifest. The manifest that you posted has S and not ST as the value in the attribute.

Looking at the flutter tool, in its readme they have a sample publisher, publisher: CN=My Company, O=My Company, L=Berlin, S=Berlin, C=DE. So they use S and not ST.

So the question remains: Where does the ST come from?

Beside that... you wrote

When changing ST to S in the pubspec.yaml I get the following: getting config values.. [√] validate config values.. [√] cleaning temporary files.. [√] create icons folder.. [√] copy icons.. [√] create manifest file.. [√] copy VCLibs files.. [√] packing.. [√] signing.. Done Adding Additional Store Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b) SignTool Error: An unexpected internal error has occurred.

When I look at the manifest you submitted, I see the value C=DE, S=Berlin, L=Berlin, O=COMPANY, CN=OurCompany. Is this the same order that the Windows certificate viewer is showing when you look at your certificate? The CN as last element looks a bit weird. Maybe the signing failed because the certificate could not be found/matched.

If you need further help, please provide more detailed information about your process. Have a reproduction that you can share.

Best regards Daniel

Daniel Fisher lennybacon
  • The manifest is generated by https://github.com/YehudaKremer/msix and I cannot see any other problems than the parsing error of the subject in the certificate. – derChris Oct 05 '21 at 14:22
  • Are you using the optional pubspec.yaml? If so, have you tried to replace ST with S in the publisher field? Could you post the generated manifest? – Daniel Fisher lennybacon Oct 06 '21 at 16:34
  • Looking at the spec (https://learn.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package) I’m pretty sure the issue is the publisher name in the manifest, not the certificate itself. – Daniel Fisher lennybacon Oct 06 '21 at 16:38
  • I have added the AppxManifest (replaced some names) – derChris Oct 07 '21 at 14:58
  • And I am using the standard pubspec.yaml with the msix_config options – derChris Oct 07 '21 at 15:00
  • When changing ST to S in the pubspec.yaml I get the following: getting config values.. [√] validate config values.. [√] cleaning temporary files.. [√] create icons folder.. [√] copy icons.. [√] create manifest file.. [√] copy VCLibs files.. [√] packing.. [√] signing.. Done Adding Additional Store Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b) SignTool Error: An unexpected internal error has occurred. – derChris Oct 07 '21 at 15:01
  • Building with the test certificate is working well – derChris Oct 07 '21 at 15:21
  • Seems like the publisher names do not match :-( https://stackoverflow.com/questions/37473394/uwp-appx-package-signtool-error-signersign-failed-2147024885-0x8007000b Does the test certificate contain a state attribute? – Daniel Fisher lennybacon Oct 11 '21 at 09:03
  • The error "Error: SignerSign() failed." (-2147024885/0x8007000b) SignTool Error: An unexpected internal error has occurred." is caused by the mismatching of "S" and "ST" – derChris Oct 13 '21 at 12:02
  • Definitely. It is a bug. The question is where? a) https://github.com/YehudaKremer/msix or b) https://learn.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package – Daniel Fisher lennybacon Oct 14 '21 at 13:43
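
The two failures discussed in this thread (a Publisher key the manifest pattern rejects, and a Publisher string that differs from the certificate subject) can be checked before packaging. The following is an added example, not code from the posts or from the msix project; the function names are hypothetical, the key list is copied from the MakeAppx error message in the question, and it assumes values contain no quoted commas and leaves the component order untouched.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names accepted in Publisher, copied from the pattern in the MakeAppx error.
ALLOWED = set(("CN L O OU E C S STREET T G I SN DC SERIALNUMBER Description "
               "PostalCode POBox Phone X21Address dnQualifier").split())
OID_KEY = re.compile(r"OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")  # dotted-OID key form
# OpenSSL short name -> spelling used in the manifest; both denote OID 2.5.4.8.
OPENSSL_TO_MANIFEST = {"ST": "S"}
NS = "{http://schemas.microsoft.com/appx/manifest/foundation/windows10}"

def parse_dn(text):
    """Split 'K = V, K = V' into (key, value) pairs.
    Assumption: values contain no quoted or escaped commas."""
    text = text.strip()
    if text.startswith("subject="):  # prefix printed by OpenSSL
        text = text[len("subject="):]
    pairs = []
    for part in text.split(","):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a key=value component: {part!r}")
        pairs.append((key.strip(), value.strip()))
    return pairs

def rejected_keys(publisher):
    """Keys in a Publisher string that the manifest pattern does not accept."""
    return [k for k, _ in parse_dn(publisher)
            if k not in ALLOWED and not OID_KEY.fullmatch(k)]

def publisher_from_openssl(subject):
    """Rewrite an OpenSSL subject line in manifest spelling, order unchanged."""
    return ", ".join(f"{OPENSSL_TO_MANIFEST.get(k, k)}={v}"
                     for k, v in parse_dn(subject))

def manifest_publisher(manifest_xml):
    """Return the Identity/@Publisher attribute of an AppxManifest document."""
    return ET.fromstring(manifest_xml).find(NS + "Identity").get("Publisher")

if __name__ == "__main__":
    subject = "subject=C = DE, ST = Berlin, L = Berlin, O = COMPANY"  # as posted in the question
    manifest = ('<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">'
                '<Identity Name="MyPackage" Version="1.0.0.0" '
                'Publisher="C=DE, S=Berlin, L=Berlin, O=COMPANY, CN=OurCompany"/></Package>')
    print("rejected keys:", rejected_keys("C=DE, ST=Berlin, L=Berlin, O=COMPANY"))
    expected = publisher_from_openssl(subject)
    print(expected, "| equals manifest Publisher:", expected == manifest_publisher(manifest))
```

A `False` in the last line means the manifest Publisher and the certificate subject differ as strings, which is the condition the comments connect to the SignerSign() failure.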