I'm having a hard time trying to calculate the publicKeyToken corresponding to a pfx file.
I'm building an publishing a ClickOnce application using VisualStudio. I have a code signing certificate code_sign.pfx that I'm using. In the resulting manifest, there are several fields identifying the certificate and key used for signing, the ones I'm interested in are publicKeyToken and issuerKeyHash.
According to Microsoft, issuerKeyHash should be "the SHA-1 hash of the public key of the certificate issuer" (https://learn.microsoft.com/en-us/visualstudio/deployment/publisheridentity-element-clickonce-deployment?view=vs-2022). I'm able to recalculate this field:
- On windows by opening the certificate store, copying the "Public Key" field and calculating the SHA1 hash.
- On linux by loading the pfx using
cryptography.hazmat.primitives.serialization pcks12, retrieving the public_bytes from the public_key, dropping the first 22 bytes (??? no clue why) and calculating the SHA1 hash.
Again according to Microsoft, the publicKeyToken is "the last 8 bytes of the SHA-1 hash value of the public key under which the deployment manifest is signed" (https://learn.microsoft.com/en-us/visualstudio/deployment/assemblyidentity-element-clickonce-deployment?view=vs-2022). However, I cannot find a way to calculate this from the pfx without using tools such as sc.exe. There is only 1 public key in the pfx certificate, and it is used to calculate the issuerKeyHash.
Is there a way to calculate the publicKeyToken from a pfx certificate ?