Need some clarification regarding signing if the signing private keys are present in a remote Hardware Security Module (HSM).

We are using a 3rd-party CSP (SafeNet Luna) installed on our machine, which is integrated with the HSM. We use signtool to sign our binaries using the SafeNet Luna CSP, which helps us access the private keys from the HSM for our signing.

We tried the solution at:
http://blogs.msdn.com/danielma/archive/2007/03/19/clickonce-and-expired-certificates.aspx
But it didn't work.

We don't have the option to export the private key and store it in a PFX file and use the same for signing manifest files locally. Instead we used the following command for signing manifest files:

signtool sign /manifest /snonly /snkc <Keyname> /sncsp <CSPName> /f <Signing Certificate> <input file name>

The above command signed the manifest file, and we were able to verify it using signtool verify /manifest <signedfilename>. Though the signing and verification were successful, the signed file does not contain the certificate details (public key, signature tag, strong name signature tag).

We would require your help in providing us any solution to the above-mentioned problem.
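Added example, not part of the original post: a small Python check that reports which of the parts named above (signature tag, public key, certificate) a manifest actually contains, so the output of a signing step can be inspected independently of the signing tool. The manifest namespace, the `StrongNameSignature` Id, the all-zero `publicKeyToken` convention and both sample documents are assumptions constructed for illustration; the samples are simplified and are not real signed manifests.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"  # W3C XML-DSig namespace
ASM1 = "urn:schemas-microsoft-com:asm.v1"    # assumed manifest namespace

def _has_text(root, tag):
    """True if any XML-DSig element with this local name carries content."""
    return any((e.text or "").strip() for e in root.iter(f"{{{DSIG}}}{tag}"))

def inspect_manifest(xml_text):
    """Report which signature-related parts a manifest actually contains."""
    root = ET.fromstring(xml_text)
    ident = root.find(f"{{{ASM1}}}assemblyIdentity")
    token = ident.get("publicKeyToken", "") if ident is not None else ""
    return {
        "signature_ids": [s.get("Id") for s in root.iter(f"{{{DSIG}}}Signature")],
        "signature_value": _has_text(root, "SignatureValue"),
        "public_key": _has_text(root, "Modulus"),
        "x509_certificate": _has_text(root, "X509Certificate"),
        # Assumption: an unsigned manifest carries an all-zero token.
        "public_key_token_set": bool(token.strip("0")),
    }

# Constructed samples; the base64 values are placeholders, not real key material.
UNSIGNED = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <asmv1:assemblyIdentity name="Example.application" version="1.0.0.0"
      publicKeyToken="0000000000000000"/>
</asmv1:assembly>"""

SIGNED = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <asmv1:assemblyIdentity name="Example.application" version="1.0.0.0"
      publicKeyToken="0123456789abcdef"/>
  <Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignatureValue>AAAA</SignatureValue>
    <KeyInfo>
      <KeyValue><RSAKeyValue><Modulus>AAAA</Modulus></RSAKeyValue></KeyValue>
      <X509Data><X509Certificate>AAAA</X509Certificate></X509Data>
    </KeyInfo>
  </Signature>
</asmv1:assembly>"""

if __name__ == "__main__":
    for name, doc in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(name, inspect_manifest(doc))
```

This only checks that the elements are present and non-empty; it does not validate the signature or the certificate chain.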