I am trying to sign a WPF ClickOnce application with an EV certificate stored on an HSM from Gemalto. I have Continuous Deployment (CD) configured and I want to sign automatically without user interaction, as I did with PFX files before.
With the article Automate Extended Validation (EV) code signing and the answer from Austin Morton, I managed to sign via signtool.exe without entering the password. But my problem is:
How can I sign the manifest with mage.exe? Is it also possible to pass the token password as with signtool? Or are there any other ways to get this to work?
We use an HSM token (eToken) from Sectigo in combination with the SafeNet software. Use mage.exe version 4.8.3928.0.
The mageUi.exe tool was very helpful in finding the right configuration.
See mageUi.exe configuration
In my case, the wrong CSP name was assigned. Instead of "eToken Base Cryptographic Provider" (correct in signtool.exe) use "SafeNet Smart Card Key Storage Provider".
The format for the key container described in your link (Automate Extended Validation (EV) code signing with SafeNet eToken) for signtool.exe also works here.
[SafeNet Token XXXXX{{YYYYYYYYY}}]=Sectigo_ZZZZZZZZZZZ
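
One way to wire the answer's settings into an unattended CD step, as an added example that is not part of the original posts. It assumes the `{{...}}` part of the key container string carries the token password, as in the signtool approach the question links to, and that the secret arrives in a hypothetical `EV_TOKEN_PASSWORD` pipeline variable; the function names and all paths are placeholders.

```powershell
# Added example, not from the original posts. Function names, the
# EV_TOKEN_PASSWORD variable and every path below are placeholders.
$ErrorActionPreference = 'Stop'

function New-KeyContainerSpec {
    param(
        [Parameter(Mandatory)][string]$ReaderName,     # "SafeNet Token XXXXX" in the answer
        [Parameter(Mandatory)][string]$TokenPassword,  # assumed to be the {{...}} part
        [Parameter(Mandatory)][string]$ContainerName   # "Sectigo_ZZZZZZZZZZZ" in the answer
    )
    # Plain concatenation keeps the literal double braces readable.
    return '[' + $ReaderName + '{{' + $TokenPassword + '}}]=' + $ContainerName
}

function Invoke-MageSign {
    param(
        [Parameter(Mandatory)][string]$MagePath,
        [Parameter(Mandatory)][string]$ManifestPath,
        [Parameter(Mandatory)][string]$CertFile,       # public .cer; the key stays on the token
        [Parameter(Mandatory)][string]$KeyContainerSpec,
        [Parameter(Mandatory)][string]$TokenPassword   # used only to redact output
    )
    $mageArgs = @(
        '-Sign', $ManifestPath,
        '-CertFile', $CertFile,
        '-CryptoProvider', 'SafeNet Smart Card Key Storage Provider',
        '-KeyContainer', $KeyContainerSpec
    )
    # The password is part of mage.exe's command line, so process-creation
    # auditing on the build agent will record it; restrict access to those logs.
    $output = & $MagePath @mageArgs 2>&1 | Out-String
    # Keep the secret out of the pipeline log even if mage echoes its arguments.
    Write-Host ($output.Replace($TokenPassword, '********'))
    if ($LASTEXITCODE -ne 0) {
        throw "mage.exe exited with code $LASTEXITCODE for $ManifestPath"
    }
}

# Usage in a pipeline step (placeholders throughout):
# if (-not $env:EV_TOKEN_PASSWORD) { throw 'EV_TOKEN_PASSWORD is not set' }
# $spec = New-KeyContainerSpec -ReaderName 'SafeNet Token XXXXX' `
#     -TokenPassword $env:EV_TOKEN_PASSWORD -ContainerName 'Sectigo_ZZZZZZZZZZZ'
# Invoke-MageSign -MagePath 'C:\path\to\mage.exe' `
#     -ManifestPath 'C:\path\to\MyApp.exe.manifest' -CertFile 'C:\path\to\ev-cert.cer' `
#     -KeyContainerSpec $spec -TokenPassword $env:EV_TOKEN_PASSWORD
```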