
I am currently trying to automate the signing of executables via a .bat script.

The following code is within the script:

```
@echo off
color 0A
set CERTIFICATE_PATH=Certs\Pfx\cert.pfx
set CERTIFICATE_PASSWORD=My-Pw
set TIMESTAMP_URL=http://timestamp.digicert.com

set PROJECT_OUTPUT_PATH=%1

signtool sign /f "%CERTIFICATE_PATH%" /p "%CERTIFICATE_PASSWORD%" /t %TIMESTAMP_URL% /fd SHA256 /v "%PROJECT_OUTPUT_PATH%"
```

My file structure is the following:

This is the path to the file I want to sign: C:\1A\test.exe

This is the path to the script: C:\2A\SignScript.bat

The certificate is in a subfolder of the script path itself and is saved here: C:\2A\Certs\Pfx\cert.pfx

Now when I execute the script with this command: C:\2A\SignScript.bat "C:\1A\test.exe"

I get the following error:

SignTool Error: An unexpected internal error has occurred. Error information: "Error: Store IsDiskFile() failed." (-2147024893/0x80070003)

I don't get what the problem is, to be honest. The paths seem fine to me, and signing it with a third-party app (which uses the signing tool as well) works too...

EDIT: I've tried to do it by hand in order to rule out any problems with the certificate and such. Entering the command `signtool sign /f "cert.pfx" /p "My-Pw" /t "http://timestamp.digicert.com" /fd SHA256 /v C:\1A\test.exe` while using the command prompt inside the folder of the certificate works without any problems and signs my application! So at least there are not any problems with the certificate...

EDIT2: I have also tried the proposed solution of @Stephan from the comments but unfortunately it does not work and I still get the same error.

GoldNova
  • Problem with quoting. `%1` is quoted, so `PROJECT_OUTPUT_PATH` has quotes, and you quote it again with the `signtool` line. Switch to `set PROJECT_OUTPUT_PATH=%~1` to remove the quotes from the argument or even better `set "PROJECT_OUTPUT_PATH=%~1"` (recommended syntax, the quotes make it safe against stray spaces and "poison chars" and are not included in the variable name or value) – Stephan Aug 03 '23 at 10:06
  • @Stephan I just tried it again with only ``C:\1A\test.exe`` and no quotes and it still throws the same error. I have also tried to use your recommended solution for the set command and it fails as well with the same error. I don't think the quotes are the problem. – GoldNova Aug 03 '23 at 10:31
  • `... /v ""C:\1A\test.exe""` *should* be a problem (obviously not your only one). Run with `echo on` and compare the executed script command with your manual command. Any differences should give you a clue. – Stephan Aug 03 '23 at 10:52
  • https://stackoverflow.com/questions/7655287/signtool-fail-with-inno-setup-0x80070003-store-isdiskfile-failed says that that particular error code means "cert file not found." I suggest trying full paths instead of relative paths. – SomethingDark Aug 03 '23 at 11:00
  • @SomethingDark This seems to be it. For some reason it does not allow a relative path for the certificate. Just changed it to the full path `C:\2A\Certs\Pfx\cert.pfx` and it works.... – GoldNova Aug 03 '23 at 11:08
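
A relative path such as `Certs\Pfx\cert.pfx` is resolved against the caller's current directory, not the folder the script lives in, which is why the full path works. The following is an added example, not code from the thread: it anchors the certificate path to the script's own folder with `%~dp0`, checks both files before calling `signtool`, and, as an assumption, reads the PFX password from a hypothetical `SIGN_PFX_PASSWORD` environment variable instead of storing it in the script.

```batch
@echo off
setlocal

rem Added example, not the asker's script.
rem %~dp0 expands to the drive and folder of this .bat file (with a trailing
rem backslash), so the certificate is found from any current directory.
set "SCRIPT_DIR=%~dp0"
set "CERTIFICATE_PATH=%SCRIPT_DIR%Certs\Pfx\cert.pfx"
set "TIMESTAMP_URL=http://timestamp.digicert.com"

rem %~1 strips the surrounding quotes from the first argument.
set "PROJECT_OUTPUT_PATH=%~1"

if not defined PROJECT_OUTPUT_PATH (
    echo Usage: %~nx0 "path\to\file.exe" 1>&2
    exit /b 2
)

rem Fail early with a readable message instead of signtool's 0x80070003.
if not exist "%CERTIFICATE_PATH%" (
    echo Certificate not found: "%CERTIFICATE_PATH%" 1>&2
    exit /b 3
)
if not exist "%PROJECT_OUTPUT_PATH%" (
    echo File to sign not found: "%PROJECT_OUTPUT_PATH%" 1>&2
    exit /b 3
)

rem Assumption: the caller or build agent sets SIGN_PFX_PASSWORD (hypothetical
rem variable name) so the password is not committed alongside the script.
if not defined SIGN_PFX_PASSWORD (
    echo SIGN_PFX_PASSWORD is not set. 1>&2
    exit /b 4
)

rem Same signtool options as in the question.
signtool sign /f "%CERTIFICATE_PATH%" /p "%SIGN_PFX_PASSWORD%" /t "%TIMESTAMP_URL%" /fd SHA256 /v "%PROJECT_OUTPUT_PATH%"
exit /b %ERRORLEVEL%
```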
