System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.

Neelapala, Prasad [TECH NE] 0 Reputation points
2025-09-19T13:43:52.0366667+00:00

Hi team, we are using ClickOnce to deploy and

we migrated from 2019r3 to 2022r3, and previously we used SHA1 and it's expired

now we are using SHA256 but we are getting

See the end of this message for details on invoking  just-in-time (JIT) debugging instead of this dialog box.

 

************** Exception Text **************
System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags)
   at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s)

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9179 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
Installer
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file://fravnascti0039/cit_7l8/PRC_FE_Repository1/PRC_Beta_MSSQL/Installer.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9176 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
CrowdStrike.Sensor.ScriptControl
    Assembly Version: 7.24.19607.0
    Win32 Version: 7.24.19607.0
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/CrowdStrike.Sensor.ScriptControl/7.24.19607.0__02b60967b1f68187/CrowdStrike.Sensor.ScriptControl.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Deployment
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Security
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.9157 (WinRelRS6.050727-9100)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Security/2.0.0.0__b03f5f7f11d50a3a/System.Security.dll
----------------------------------------

 

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.

Developer technologies | .NET | .NET Runtime

2 answers

  1. Q&A Assist
    2025-09-19T13:43:52.3766667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error message you are encountering, "System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied," typically indicates that there is an issue with the signature algorithm being used in your ClickOnce deployment. Since you have migrated from SHA1 to SHA256, it's important to ensure that the environment you are deploying to supports SHA256.

    Here are a few steps you can take to resolve this issue:

    1. Verify .NET Framework Version: Ensure that you are using a version of the .NET Framework that supports SHA256 for ClickOnce applications. The .NET Framework 4.6 and later versions should support SHA256.
    2. Update Your Code Signing Certificate: Make sure that your code signing certificate is valid and supports SHA256. If the certificate is expired or not configured correctly, it can lead to signature validation issues.
    3. Check Certificate Trust: If you are using a private certificate for local testing, ensure that the trust for that certificate is correctly managed. An incorrect certificate trust configuration can lead to signature validation failures.
    4. Review ClickOnce Deployment Settings: Double-check your ClickOnce deployment settings to ensure that they are configured to use SHA256.
    5. Enable JIT Debugging: If you want to get more detailed error information, consider enabling Just-In-Time (JIT) debugging as suggested in the error message. This can help you diagnose the issue more effectively.

    If these steps do not resolve the issue, you may need to look into the specific implementation details of your ClickOnce deployment and the associated security settings.



  2. Adiba Khan 970 Reputation points Microsoft External Staff
    2025-10-23T05:12:35.8633333+00:00

    Thanks for reaching out. This issue occurs because the .NET Framework 2.0/3.5 runtime used by ClickOnce does not support SHA256 (SHA-2) signature algorithms natively. Older ClickOnce deployment manifests created with these runtimes rely on SHA1, and when you switch to SHA256, the sign in component cannot recognize the algorithm.

    Resolution steps

    Option 1: Use .NET Framework 4.5 or later

    1. Rebuild and redeploy your ClickOnce applications using .NET Framework 4.5 or newer.
       · .NET Framework 4.5+ adds native support for SHA256RSA signature descriptions.
    2. Update your deployment manifest to use the new framework:
       · Open your project in Visual Studio.
       · Go to Project Properties -> Publish -> Options -> Deployment -> Manifests signing.
       · Ensure the signing algorithm is set to SHA256RSA.
    3. Re-publish the ClickOnce application.

    Microsoft Docs:

    ClickOnce Deployment and Security - Visual Studio (Windows) | Microsoft Learn

    Option 2: Verify certificate compatibility

    · Ensure your code signing certificate supports SHA256RSA.
    · You can check the algorithm by right-clicking the .pfx file -> Details -> “Signature algorithm”.
    · If your certificate only supports SHA1, request a new SHA256 certificate from your provider.

    References:

    · .NET cryptography model - .NET | Microsoft Learn

    Let me know if you need any further help with this. We'll be happy to assist.

    If you find this helpful, please mark this as answered.
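
The stack trace in the question fails inside `SignedXml.CheckSignedInfo`, that is, while the verifier resolves the algorithm named in the manifest's XML signature. The following is an added example, not part of either answer and not Microsoft's code: it lists the XMLDSig algorithm URIs a manifest declares so they can be compared with what the verifying runtime supports. The function name `Get-ManifestSignatureAlgorithm` is hypothetical and the sample manifest is constructed and heavily trimmed.

```powershell
# XML Digital Signature namespace used by the <Signature> block in ClickOnce manifests.
$DsNs = 'http://www.w3.org/2000/09/xmldsig#'

# Algorithm URIs from the XMLDSig specifications, mapped to short names.
$Known = @{
    'http://www.w3.org/2000/09/xmldsig#rsa-sha1'        = 'RSA-SHA1'
    'http://www.w3.org/2000/09/xmldsig#sha1'            = 'SHA1'
    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' = 'RSA-SHA256'
    'http://www.w3.org/2001/04/xmlenc#sha256'           = 'SHA256'
}

# Hypothetical helper: emit one row per SignatureMethod / DigestMethod element.
function Get-ManifestSignatureAlgorithm {
    param([Parameter(Mandatory = $true)][xml]$Manifest)
    foreach ($tag in 'SignatureMethod', 'DigestMethod') {
        foreach ($node in $Manifest.GetElementsByTagName($tag, $DsNs)) {
            $uri = $node.GetAttribute('Algorithm')
            [pscustomobject]@{
                Element   = $tag
                Algorithm = if ($Known.ContainsKey($uri)) { $Known[$uri] } else { 'unknown' }
                Uri       = $uri
            }
        }
    }
}

# Constructed sample: only the elements this check reads are present.
[xml]$sample = @'
<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <Reference URI="">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
      </Reference>
    </SignedInfo>
  </Signature>
</asmv1:assembly>
'@

# For a real deployment, load the .application or .exe.manifest file instead:
#   [xml]$m = Get-Content -Raw <path to manifest>
Get-ManifestSignatureAlgorithm -Manifest $sample | Format-Table -AutoSize
```

Read the result alongside the Loaded Assemblies list from the error dialog: in the question, `Installer.exe` is running on the v2.0.50727 `mscorlib`, `System.Security` and `System.Deployment`, which is the runtime the second answer describes as lacking SHA256 support.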

