I am using signtool.exe to sign msix file. Signtool is launched from the external application. When it works as a console application, everything works well. But when the launch comes from the Windows service (the service is launched on behalf of the same user), an error arises:
SignTool Error: An error occurred while attempting to load the signing certificate from: C:\Users\Admin\AppData\Local\Temp\Sign\83ebf809-63a9-4aff-9fb1-19ecc4de7c98.msix
Signtool is launched with the following arguments:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.20348.0\x64\signtool.exe" sign /v /a /n "My Org" /tr http://timestamp.globalsign.com/tsa/r6advanced1 /fd SHA256 /td SHA256 "C:\Users\Admin\AppData\Local\Temp\Sign\83ebf809-63a9-4aff-9fb1-19ecc4de7c98.msix".
I tried various options: with a direct selection of a certificate, with an automatic selection of a certificate, with using certificate public key file, etc. - nothing works.
At the same time, I can definitely say that the certificate from the service is available. I used RSA-signing from C# Applications in the same service - the certificate is available, everything is signed.
UPD The solution that solves my problem is a my own program based on the AzureSignTool source code.