PDA

View Full Version : Digital Signing error 1027



SGorman
08-05-2005, 07:46 AM
IS 10, 10.5 and 11 all seem to have a bug that prevents you from being able to build a digitally signed release if you store the password in the release definition. The Release view doesn't have a place to enter the password, but when you use Release Wizard you do get a field for password. DON'T put the password here or else your build will not work and you'll get error 1027.

This bug makes it virtually impossible to automate builds when you use digital signing - and I find that to be a BIG bug.

This bug exists in 10.5 as of today! It's also still in 11!! Apparently there is a bug both in storing the password into the .ISM and in running the signing. And there is NO way around it.

Work order # on this bug is 1-Q00AP and as best as I can tell there is NO schedule for when it will be fixed.

If you have a single EXE and you choose to sign the EXE separately from the build, please be aware of this caveat:
When the user runs from Add/Remove programs it runs the MSI directly, it does not run your original EXE. Therefore, when they run from ARP they are running an UNsigned version of your (un)install. If you have any VBscripts or anything else that an antivirus program such as Norton will interpret as risky then your users will be able to install ok, but uninstalling will cause AV risk warnings to pop up. Not good. Not professional.

MichaelU
08-05-2005, 10:56 AM
Currently 1-Q00AP is marked as closed, and the fix was released in version 11. The breaking scenario with which I'm familiar was all password dependent. We leverage signcode.exe to sign files, but it has no convenient way to pass in a password from the outside. Thus we have to hack around it, and in the past our hack has been rather fragile. It's more robust than it used to be, and in version 11 it works for all passwords I've had certificates with which to try.

If you'd like to try to troubleshoot this issue, please first verify that signcode.exe can be used directly (i.e. without storing the password beforehand) to sign your build. If it works when you type your password into signcode's window, I'd appreciate if you could tell me (either publicly or via private message) any unusual settings for your machine such as language settings or keyboard input modes, and any unusual characters you might have in your password (anything not a letter, number, or punctuation on the American keyboard).

Even better if you can share your certificate and password and a sample project with us, that's a test case we can use to actually debug the issue.

SGorman
08-05-2005, 11:40 AM
I called support yesterday and spoke to Erin and we troubleshot this issue in 10.5. Erin is the one that told me that the workorder was still open and that it was not fixed in 11 either and that there was no schedule for when it would be worked on.

isign works just fine outside of the IDE and it works just fine if I don't put a password in the release configuration and just fill it in when prompted.

the password is all letters, numbers or punctuation. Nothing unusual.

You are right though. this WORKS in version 11. I can upgrade this project to 11 and solve the whole problem.

I sure wish that support had their act together and had been able to tell me that yesterday. But thank you very much MichaelU for watching the forums and replying about this. You just saved me a BUNCH of effort.