Can';t使用nuget验证签名
我有一个包,我用自己的CA颁发的证书签名 我用证书签署了一个nuget包 当我在机器的信任存储中添加根CA时,我可以使用nuget成功地验证签名,使用Can';t使用nuget验证签名,nuget,signature,signing,Nuget,Signature,Signing,我有一个包,我用自己的CA颁发的证书签名 我用证书签署了一个nuget包 当我在机器的信任存储中添加根CA时,我可以使用nuget成功地验证签名,使用 nuget verify test.nupkg -Signatures 但是,如果我从信任存储中删除根,而是将证书的指纹添加为受信任的签名者,在nuget中,将allowUntrustedRoot设置为true,则出于某种原因,我无法验证签名 > nuget trusted-signers Registered trusted sig
nuget verify test.nupkg -Signatures
但是,如果我从信任存储中删除根,而是将证书的指纹添加为受信任的签名者,在nuget中,将allowUntrustedRoot
设置为true,则出于某种原因,我无法验证签名
> nuget trusted-signers
Registered trusted signers:
1. MyCert [author]
Certificate fingerprint(s):
[U] SHA256 - 39544DEE346D61EB2FF5CF4A35EF4B42DE5B4641E1B9AAA098A2A5291F683631
但是
如果签名未验证,则添加可信签名者并将allowUntrustedRoot
设置为true有什么意义。我的意思是,将根证书添加到信任存储中以验证签名显然已经足够了,而无需对配置做任何操作。
如果可能的话,我希望能够不在信任存储中导入根CA,而只使用Nuget的配置来成功验证签名
谢谢。我们相信,如果您尝试在项目中使用该软件包,并在nuget.configs中适当设置信任策略,则恢复将成功。 请确认一下 接下来,nuget verify有一个-config开关——请尝试传递到nuget.config的路径 如果第一个测试有效,而第二个测试无效,nuget可能在verify命令中有一个bug。如果是,请将问题提交至 -Rob Relyea(NuGet客户团队)
> nuget verify test.nupkg -Signatures
Verifying Test
C:\test.nupkg
Signature Hash Algorithm: SHA256
WARNING: NU3027: The signature should be timestamped to enable long-term signature validity after the certificate has expired.
Signature type: Author
Verifying the author primary signature with certificate:
Subject Name: CN=Test Certificate, OU=Test, C=BE
SHA1 hash: 679B1E503720C69D981B9CC4F0199D5D8593375A
SHA256 hash: 39544DEE346D61EB2FF5CF4A35EF4B42DE5B4641E1B9AAA098A2A5291F683631
Issued by: CN=Test Root, OU=Test, O=Test, C=BE
Valid from: 10/31/2019 10:29:54 AM to 9/24/2023 11:37:39 AM
NU3018: The author primary signature found a chain building issue: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
WARNING: NU3018: The author primary signature found a chain building issue: The revocation function was unable to check revocation because the revocation server could not be reached. For more information, visit https://aka.ms/certificateRevocationMode.
WARNING: NU3018: The author primary signature found a chain building issue: The revocation function was unable to check revocation for the certificate.
Finished with 1 errors and 3 warnings.
Package signature validation failed.