"Error: SignerSign() failed." (-2147023673 / 0x800704c7)

When using signtool to sign code on our build server, Jenkins gives the following error message:

Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147023673/0x800704c7)
SignTool Error: An unexpected internal error has occurred.

We use an EV code signing certificate on a USB token. All tools are, in fact, the latest available.

Any ideas?


The problem does not occur if the same build task is run manually on the same machine that Jenkins is running on (as the user mentioned below), in the same environment/directory.

The Jenkins service runs on a Windows 10 Pro virtual machine as a simple user with administrator rights (not as Local System).

For more information, see this excerpt from the Jenkins log:

  Signiere FlinkySchule.FormularEditor.exe:
  Verbindung zu Token auf- bzw. abbauen
  ***** code signing *****
  Aktueller Pfad des signtool:
  c:\JW\FS\Production\Deployment\Tools\signtool\kits
  Zu signierende Datei:
  c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\bin\Release\\FlinkySchule.FormularEditor.exe
  The following certificate was selected:
      Issued to: Dirk W.

      Issued by: GlobalSign CodeSigning CA - SHA256 - G3

      Expires:   Fri Apr 03 15:58:51 2020

      SHA1 hash: 4187Cxyxyxyxyxyxyxyxyxyxyx7978C4


  Done Adding Additional Store
EXEC : error information: "Error: SignerSign() failed." (2147023673/0x800704c7) [c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\FlinkySchule.FormularEditor.csproj]
EXEC : SignTool error : An unexpected internal error has occurred. [c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\FlinkySchule.FormularEditor.csproj]

: 2017 260 . ! , .

+5
3

. Jenkins, Signtool.exe, , "". .

C, Symantec . Signtool.exe , . , Signtool.exe, . . , , , , . , . , java , !

, , signtool Windows, , , ( ), . , Jenkins, SignTool Token Prompt .

+2

, Windows 10 SDK, .. 10.0.15063.0

+1

EV Jenkins eToken

, jsign

java -jar jsign-2.0.jar --keystore .\eToken.cfg --alias %yourCertAlias% --storetype PKCS11 --tsaurl http://rfc3161timestamp.globalsign.com/advanced --tsmode RFC3161 --storepass %tokenPassword% %file2sign%

eToken.cfg:

name=eToken
library=c:\WINDOWS\system32\eTPKCS11.dll

java keytool

keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg

-

Keystore-Typ: PKCS11
Keystore-Provider: SunPKCS11-eToken

Keystore enthält 1 Eintrag

te-318f471f-9a0e-4101-bf45-96a656cc2306, PrivateKeyEntry,
Zertifikat-Fingerprint (SHA1): 
41:87:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX:XX:XX:XX:79:78:C4

, . , . , jsign, ​​, "te-318f4...."

? , Trustzone.

Please let me know if you are interested in learning how we perform the automated build process on a separate build machine using only one USB eToken device.

0
source
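Added example (not part of the original answer, and not jsign's or keytool's own code): the keytool listing above is where the alias passed to jsign comes from, so this Python code parses that listing, selects the alias by a pinned certificate fingerprint so the build only signs with the expected certificate, and builds the jsign argument list from the answer. The sample listing, the pin and all function names are constructed for illustration; only the PKCS11 listing layout shown above is handled.

```python
import re

# Constructed sample in the layout of the keytool listing above (placeholder values).
SAMPLE_LISTING = """\
Keystore-Typ: PKCS11
Keystore-Provider: SunPKCS11-eToken

Keystore enthält 1 Eintrag

te-00000000-0000-0000-0000-000000000000, PrivateKeyEntry,
Zertifikat-Fingerprint (SHA1):
AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD
"""
PINNED_SHA1 = "aabbccddeeff00112233445566778899aabbccdd"  # constructed pin

ENTRY = re.compile(r"^(?P<alias>.+), PrivateKeyEntry,$")
FINGERPRINT = re.compile(r"(?:[0-9A-Fa-f]{2}:){19,31}[0-9A-Fa-f]{2}")


def parse_private_key_entries(listing):
    """Map alias -> fingerprint (hex, no colons) for each PrivateKeyEntry."""
    entries, alias = {}, None
    for line in listing.splitlines():
        entry = ENTRY.match(line.strip())
        if entry:
            alias = entry.group("alias")
            continue
        found = FINGERPRINT.search(line)
        if alias and found:  # fingerprint may sit on the label line or the next
            entries[alias] = found.group(0).replace(":", "").upper()
            alias = None
    return entries


def select_alias(entries, pinned_fingerprint):
    """Return the one alias whose certificate matches the pin, else raise."""
    want = pinned_fingerprint.replace(":", "").upper()
    matches = [a for a, fp in entries.items() if fp == want]
    if len(matches) != 1:
        raise LookupError("pinned certificate not found exactly once on token")
    return matches[0]


def jsign_command(alias, file_to_sign, storepass, cfg="eToken.cfg"):
    """Argument list for the jsign call in the answer (no shell quoting needed)."""
    return ["java", "-jar", "jsign-2.0.jar", "--keystore", cfg,
            "--alias", alias, "--storetype", "PKCS11",
            "--tsaurl", "http://rfc3161timestamp.globalsign.com/advanced",
            "--tsmode", "RFC3161", "--storepass", storepass, file_to_sign]
```

Feed `parse_private_key_entries` the captured output of the `keytool -list` command above, and supply the token password from a Jenkins credentials binding rather than storing it in the job definition.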

Source: https://habr.com/ru/post/1679528/

