Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/cocoa/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Can';t使用nuget验证签名_Nuget_Signature_Signing - Fatal编程技术网
Fatal编程技术网
  • nuget/
  • Can';t使用nuget验证签名

Can';t使用nuget验证签名

nuget

Can';t使用nuget验证签名,nuget,signature,signing,Nuget,Signature,Signing,我有一个包,我用自己的CA颁发的证书签名 我用证书签署了一个nuget包 当我在机器的信任存储中添加根CA时,我可以使用nuget成功地验证签名,使用 nuget verify test.nupkg -Signatures 但是,如果我从信任存储中删除根,而是将证书的指纹添加为受信任的签名者,在nuget中,将allowUntrustedRoot设置为true,则出于某种原因,我无法验证签名 > nuget trusted-signers Registered trusted sig

我有一个包,我用自己的CA颁发的证书签名

我用证书签署了一个nuget包

当我在机器的信任存储中添加根CA时,我可以使用nuget成功地验证签名,使用

nuget verify test.nupkg -Signatures
但是,如果我从信任存储中删除根,而是将证书的指纹添加为受信任的签名者,在nuget中,将
allowUntrustedRoot
设置为true,则出于某种原因,我无法验证签名

> nuget trusted-signers 
Registered trusted signers: 


 1.   MyCert [author] 
      Certificate fingerprint(s): 
        [U] SHA256 - 39544DEE346D61EB2FF5CF4A35EF4B42DE5B4641E1B9AAA098A2A5291F683631
但是

如果签名未验证,则添加可信签名者并将
allowUntrustedRoot
设置为true有什么意义。我的意思是,将根证书添加到信任存储中以验证签名显然已经足够了,而无需对配置做任何操作。 如果可能的话,我希望能够不在信任存储中导入根CA,而只使用Nuget的配置来成功验证签名

谢谢。

我们相信,如果您尝试在项目中使用该软件包,并在nuget.configs中适当设置信任策略,则恢复将成功。 请确认一下

接下来,nuget verify有一个-config开关——请尝试传递到nuget.config的路径

如果第一个测试有效,而第二个测试无效,nuget可能在verify命令中有一个bug。如果是,请将问题提交至

-Rob Relyea(NuGet客户团队)

> nuget verify test.nupkg -Signatures 

Verifying Test 
C:\test.nupkg 

Signature Hash Algorithm: SHA256 
WARNING: NU3027: The signature should be timestamped to enable long-term signature validity after the certificate has expired. 
Signature type: Author 
Verifying the author primary signature with certificate: 
  Subject Name: CN=Test Certificate, OU=Test, C=BE 
  SHA1 hash: 679B1E503720C69D981B9CC4F0199D5D8593375A 
  SHA256 hash: 39544DEE346D61EB2FF5CF4A35EF4B42DE5B4641E1B9AAA098A2A5291F683631 
  Issued by: CN=Test Root, OU=Test, O=Test, C=BE 
  Valid from: 10/31/2019 10:29:54 AM to 9/24/2023 11:37:39 AM 

NU3018: The author primary signature found a chain building issue: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 
WARNING: NU3018: The author primary signature found a chain building issue: The revocation function was unable to check revocation because the revocation server could not be reached. For more information, visit https://aka.ms/certificateRevocationMode. 
WARNING: NU3018: The author primary signature found a chain building issue: The revocation function was unable to check revocation for the certificate. 
Finished with 1 errors and 3 warnings. 

Package signature validation failed.