Share via


SignatureDescription could not be created for the signature algorithm supplied

While running a ClickOnce 4.5 application, you may receive the below error message:

Untitled

 Once you click on Details… button, it will popup the log file where you can find the below exception:

Following failure messages were detected:
  + Exception reading manifest from file://XXX/ClickOnce/MyApplication.application: the manifest may not be valid or the file could not be opened.
  + Manifest XML signature is not valid.
  + SignatureDescription could not be created for the signature algorithm supplied.

--- Inner Exception ---
  System.Security.Cryptography.CryptographicException
  - SignatureDescription could not be created for the signature algorithm supplied.
  - Source: System.Security
  - Stack trace:
   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags)
   at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)

The above issue occurs due to the MyApplication.application file,  the hash for that file was generated using SHA-256 algorithm.  You can find the following tag Algorithm="https://www.w3.org/2000/09/xmldsig#rsa-sha256" /> in the application manifest file.  For more information, please go through the document: https://msdn.microsoft.com/en-us/library/92f9ye3s.aspx#clickonce

This change is due to the fact that we stopped using legacy certificates as default (SHA-1) in NetFX4.5 to sign manifest and instead, use newer version (SHA-256), which is not recognized by NetFx4.0 runtime. Therefore, while parsing the manifest, 4.0 runtime complains of an invalid manifest. For legacy frameworks, when we try to run a ClickOnce app on a box that does not have targeted runtime, ClickOnce pops up a message to user saying “you need xxxx.xx runtime to run this app”. But starting .NET 4.5, if a 4.5 ClickOnce app is run on the box with only .NET 4.0 installed, the message complains about an invalid manifest. In order to resolve the issue, you must install .Net Framework 4.5 on the target system.

 

Latest Update: Starting with VS 2013 Update 3 RC and the soon-to-be released RTM version of the update, this issue has been resolved.  Namely, even if you are using a SHA256 certificate but targeting a lower version of .NET (e.g., 3.5 or 4.0), the manifest will be generated in such a way that it can still run on down-level .NET versions.

Comments

  • Anonymous
    July 28, 2014
    hope you're right about the RC, just downloading it.

  • Anonymous
    February 09, 2015
    Does installing of Visual Studio Update 4 help in resolving the error

  • Anonymous
    February 09, 2015
    Yes using VS 2013 update4, it should resolve the issue.

  • Anonymous
    February 09, 2015
    I've compiled the clickOnce application using VS 2013 and am going to deploy on Windows 2003 server targeting 4.0 framework. Will this work?

  • Anonymous
    February 09, 2015
    Yes it's expected to work.

  • Anonymous
    June 25, 2015
    I am having the same issue, but using Visual studio 2012. Is there any fix if I am using visual studio 2012?

  • Anonymous
    October 06, 2015
    I see this message when trying to install some extension updates (even NuGet Package Manager update just started showing it) on VS2015RC at Win10 (update from Win8.1Pro)

  • Anonymous
    January 08, 2016
    Yeah I see this error when I try to install Productivity Power Tools 2015. My .Net runtime is 4.5.

  • Anonymous
    January 08, 2016
    Please share the log file.

  • Anonymous
    January 25, 2016
    The comment has been removed