[GH-ISSUE #93] Keyset does not exist error when using custom SNK generated from PFX file #76

New issue

Closed

opened 2026-02-25 21:30:36 +03:00 by kerem · 3 comments

kerem commented

2026-02-25 21:30:36 +03:00

Owner

Originally created by @brutaldev on GitHub (Jan 24, 2023).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/93

https://improveandrepeat.com/2018/12/how-to-fix-the-keyset-does-not-exist-cryptographicexception/

That file is generated via the following:

In a "Visual Studio command line", type

sn -p "########.pfx" DelaySign.snk

It will ask for the "CERT_PASSWORD" to be typed in

i.e. the ###.pfx file is not installed in either the developers machine or the build agent.

When running a clean build - only the Step 5 Failed ... error is displayed.
So I assume Step 7 is due to the files already being signed (by this tool)

Originally posted by @Smurf-IV in https://github.com/brutaldev/StrongNameSigner/issues/92#issuecomment-1401526093

Originally created by @brutaldev on GitHub (Jan 24, 2023). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/93 https://improveandrepeat.com/2018/12/how-to-fix-the-keyset-does-not-exist-cryptographicexception/ That file is generated via the following: - In a "Visual Studio command line", type > `sn -p "########.pfx" DelaySign.snk` - It will ask for the "CERT_PASSWORD" to be typed in i.e. the ###.pfx file is not installed in either the developers machine or the build agent. When running a clean build - only the Step 5 `Failed ...` error is displayed. So I assume Step 7 is due to the files already being signed (by this tool) _Originally posted by @Smurf-IV in https://github.com/brutaldev/StrongNameSigner/issues/92#issuecomment-1401526093_

kerem

2026-02-25 21:30:36 +03:00

closed this issue
added the
wontfix

invalid
labels

kerem commented

2026-02-25 21:30:37 +03:00

Author

Owner

@brutaldev commented on GitHub (Jan 24, 2023):

@Smurf-IV That does not generate a valid strong name signing key depending on the certificate you are using. The toll will simply extract the public key but that does not mean it's a valid public key pair that can be used for strong-naming. If you try to use that key in Visual Studio it will not sign your binaries either so this is not a bug in the tool since it's just reporting the problem to you, the Keyset does not exist and it's not a valid signing key.

Visual Studio: `Error signing output with public key from file '..\DelaySign.snk' -- Invalid public key.

Step 7 is saving all the changes made to the IL to disk and validating the assembly. When it gets signed with a faulty key then it will not save because it does not generate a valid strong-name.

@brutaldev commented on GitHub (Jan 24, 2023): @Smurf-IV That does not generate a valid strong name signing key depending on the certificate you are using. The toll will simply extract the public key but that does not mean it's a valid public key pair that can be used for strong-naming. If you try to use that key in Visual Studio it will not sign your binaries either so this is not a bug in the tool since it's just reporting the problem to you, the `Keyset does not exist` and it's not a valid signing key. Visual Studio: `Error signing output with public key from file '..\DelaySign.snk' -- Invalid public key. Step 7 is saving all the changes made to the IL to disk and validating the assembly. When it gets signed with a faulty key then it will not save because it does not generate a valid strong-name.

kerem commented

2026-02-25 21:30:37 +03:00

Author

Owner

@brutaldev commented on GitHub (Jan 24, 2023):

@Smurf-IV Why are you trying to use SN.exe to do this anyway? Rather use the tool itself with your PFX file directly and provide the password during signing. It knows (better than SN.exe) how to use the public key in the certificate to generate a key-pair sign the assemblies.

@brutaldev commented on GitHub (Jan 24, 2023): @Smurf-IV Why are you trying to use SN.exe to do this anyway? Rather use the tool itself with your PFX file directly and provide the password during signing. It knows (better than SN.exe) how to use the public key in the certificate to generate a key-pair sign the assemblies.

kerem commented

2026-02-25 21:30:37 +03:00

Author

Owner

@Smurf-IV commented on GitHub (Jan 26, 2023):

Why are you trying to use SN.exe to do this anyway?

So that it can be used with the delay sign step in visual studio
Your tool is then used to replace the delaySign.snk with the actual one; (from the pfx (With the password) as expected, and as you have described)
the picture in #92 was just to show you what the erro was and is not related to the actual DelaySing.snk file (It just created the same error as the commandline with pfx and password !)

@Smurf-IV commented on GitHub (Jan 26, 2023): > Why are you trying to use SN.exe to do this anyway? 1) So that it can be used with the delay sign step in visual studio 2) Your tool is then used to replace the delaySign.snk with the actual one; (from the pfx (With the password) as expected, and as you have described) 3) the picture in #92 was just to show you what the erro was and is not related to the actual DelaySing.snk file (It just created the same error as the commandline with pfx and password !)

kerem referenced this issue

2026-02-25 21:30:42 +03:00

[PR #76] [MERGED] Add condition to disable automatic signing #102