How do you disable windows 11 Credential Provider when using Signtool with Safenet token?

126 views Asked by At

Signing a Exe or Dll using Signtool with SafeNet client USB token behavior has changed.

I used to get a password Dialog from the SafeNet Client where i passed it a password.

Windows 11 seems to be brokering this all of a sudden. I get a Windows Security Dialog (Smart Card) Enter your PIN pops up instead. It's not your Windows 11 password. It's looking for the token password. I can't pass this a password!

Can this be disabled? I would like to use Safenet's login where I have more control. I can't find any documentation regarding this.

Note: using /p with signtool doesn't seem to work with a USB signing token.

  • The following two Windows 11 Machines with different popup dialogs. Same version of Windows. - Same version of VS2022. - Same version of SignTool. - Same version of SafeNet Client

Machine 1

Machine 2

Searched internet. Searched Stack Overflow Tried editing Smart Card Policies Tried a Editing Smart Card Providers within Windows Registry to see if I can find the behavior. Tried to read up on credential providers with little help.

1

There are 1 answers

0
Nehluxhes On

First if you are using a USB signing token, why are you specifying a local certificate with /f ? Anyway this behavior can sometimes occur when there are multiple potential certificates (you are using the /a flag !), either delete the other ones or use additional filtering flag like /n or /i

signtool sign /tr "timestampingurl" /td SHA256 /a /fd SHA256 /n "Your company name" /i "GlobalSign" "MyDllName"