Code Signing Fails with "ASN1 bad tag value met"

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
dmwyatt
Posts: 5
Joined: Sun Mar 03, 2013 12:41 pm

Code Signing Fails with "ASN1 bad tag value met"

Post by dmwyatt » Fri Sep 07, 2018 8:46 am

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build:
PowerShellStudio 2018 -- 5.5.154_080918_x64
Operating system:
Windows 10, 64 bit

*** Please add details and screenshots as needed below. ***

Hello!

After success in the past, I can no longer sign my PowerShell scripts from within PowerShell Studio - the process stops with the error "ANS1 bad tag value met". I have only one CodeSigningCert and the option "Certificate in local store:" is blank which is supposed to find the first available code signing certificate.

I used the method prescribed here: https://www.sapien.com/blog/2008/07/02/ ... l-scripts/ My code signed beautifully so my cert appears to be fine. However, this method is not nearly as easy right-clicking on the script tab and choosing to sign. Does anyone have any suggestions?

Don

DO NOT POST SUBSCRIPTIONS, KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM

User avatar
davidc
Posts: 5913
Joined: Thu Aug 18, 2011 4:56 am

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by davidc » Fri Sep 07, 2018 10:14 am

Hello Don,

I have a few questions for you:

1. Do you recall what build you were able to sign with last?
2. Have you tried explicitly selecting the certificate in the settings?
3. What timestamp setting do you have configured?

I found the following article that refers to this error:

https://blogs.msdn.microsoft.com/webtop ... -in-iis-7/

Please check if the second solution works for you.

Thank you,
David
SAPIEN Technologies, Inc.

User avatar
dmwyatt
Posts: 5
Joined: Sun Mar 03, 2013 12:41 pm

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by dmwyatt » Mon Sep 10, 2018 5:44 am

Hello David,

1. I keep updated pretty well and the last time I recall signing was probably February/March of this year. Perhaps you can determine a version from that date range.

2. I've tried selecting my code signing certificate but after closing the dialog and trying again it appears to have chosen the certificate for my smart card. When I attempt to sign I am asked for the card's pin and gives the "ANS1 bad tag value" message.

3. I have the default timestamp provider configured - http://timestamp.globalsign.com/scripts/timstamp.dll[/list]

I checked out the article you provided. My certificate is already in my personal store and already had a private key associated with it.

User avatar
davidc
Posts: 5913
Joined: Thu Aug 18, 2011 4:56 am

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by davidc » Tue Sep 11, 2018 8:10 am

1. Here are the build numbers:
February was 5.5.149
March was 5.5.150
For testing purposes, can you try one of these builds to verify that signed with them?

2. Interesting. I will pass this information along. How many certificates do you have in your certificate store?

3. With the later updates, we changed the timestamp url to:

http://timestamp.globalsign.com/?signature=sha2

We made changes to sign scripts so that it uses a higher encryption level. These changes could potentially be the cause of the issue, but testing the older build will help us determine this.
David
SAPIEN Technologies, Inc.