Earlier I successfully used vsixsigntool.exe to sign extensions for Visual Studio in the VSIX format. The command line call looked like this:
vsixsigntool.exe sign /f %PFX% /p %PWD% /sha1 %HASH% /tr http://timestamp.globalsign.com/tsa/r6advanced1 /td sha256 <path_to_vsix>
, where %PFX% is the path to the PFX file with my code signing certificate (CSS), %PWD% is its password, and %HASH% is an SHA1 hash of my CSS.
But this time my CSS supplier, GlobalSign, allowed me to generate and store the new CSS only on a SafeNet 5110 USB token because of global change in security policy related to CSSs. As such, I no longer have a PFX file and can't use vsixsigntool as earlier because of this.
Is there a way to use vsixsigntool with the CSS stored on a SafeNet hardware security module?
Perhaps, there are also alternative solutions allowing us to sign VSIXs using a CSS stored on an HSM. They can be also an answer to my question.
