-
Notifications
You must be signed in to change notification settings - Fork 249
NuGet package signing Errors and Warnings
This document contains a list of all warnings and errors that may occur during signing, verifying and using signed packages.
Package signing related errors and warnings should be in the following range -
| Log Message Type | Starting Code | Ending Code |
|---|---|---|
| Errors | NU3000 | NU3099 |
| Warnings | NU3500 | NU3599 |
Default signature issue
Input error in sign/verify command - In sign command -
- The certificate file is not found.
- The certificate file is not a valid pfx file.
In verify command -
- Package signature is invalid.
- Package is not signed.
Package verification fails due to one of the following -
- Package integrity check failed. The package has been tampered.
- Author signature verification failed.
- Signature does not have a certificate.
- Certificate does not meet the public key requirements.
- Unable to validate signer certificate chain.
Invalid number of matching certificates in sign command -
- Multiple certificates were found that meet all the given criteria. Use the '-CertificateFingerprint' option with the hash of the desired certificate.
- No certificates were found that meet all the given criteria. For a list of accepted ways to provide a certificate, please visit https://docs.nuget.org/docs/reference/command-line-reference
Certificate chain cannot be built for the following cases -
- The timestamp service's certificate chain could not be built for the following certificate -
Certificate not valid in the following cases -
- Author certificate was not valid when it was timestamped.
The certificate's private key cannot be read - The following certificate cannot be used for package signing as the private key provider is unsupported.
Invalid password was provided for the certificate file '<cert_file_path>'. Please provide a valid password using the '-CertificatePassword' option
Timestamp authority response not valid in the following cases -
- Timestamp service's response does not meet the NuGet package signature specification: Timestamp response does not contain a matching response.
- Timestamp service's response does not meet the NuGet package signature specification: Timestamp response does not contain an acceptable hash algorithm.
- Timestamp service's response does not meet the NuGet package signature specification: Timestamp signature contains invalid content type.
- Timestamp service's response does not meet the NuGet package signature specification: Timestamp response contains invalid signature value hash.
- Timestamp service's response does not meet the NuGet package signature specification: Timestamp service's certificate does not contain a valid Enhanced Key Usage for timestamping.
Signed package contains an invalid timestamp -
- The signature contains an invalid timestamp. Detailed log contains more detailed failure.
# Warnings
Default signing warning
Certificate does not build to a trusted root - Signing certificate does not chain to a trusted root.
Signature information unavailable. [Currently not thrown]
No -Timestamper option was provided the signed package will not be timestamped. To learn more about this option, please visit https://docs.nuget.org/docs/reference/command-line-reference
Check out the proposals in the accepted & proposed folders on the repository, and active PRs for proposals being discussed today.