Code Signing Fails with "ASN1 bad tag value met"

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 5 years and 6 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
dmwyatt62
Posts: 5
Last visit: Fri Jan 26, 2024 11:34 am

Code Signing Fails with "ASN1 bad tag value met"

Post by dmwyatt62 »

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build:
PowerShellStudio 2018 -- 5.5.154_080918_x64
Operating system:
Windows 10, 64 bit

*** Please add details and screenshots as needed below. ***

Hello!

After success in the past, I can no longer sign my PowerShell scripts from within PowerShell Studio - the process stops with the error "ANS1 bad tag value met". I have only one CodeSigningCert and the option "Certificate in local store:" is blank which is supposed to find the first available code signing certificate.

I used the method prescribed here: https://www.sapien.com/blog/2008/07/02/ ... l-scripts/ My code signed beautifully so my cert appears to be fine. However, this method is not nearly as easy right-clicking on the script tab and choosing to sign. Does anyone have any suggestions?

Don

DO NOT POST SUBSCRIPTIONS, KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM
User avatar
davidc
Posts: 5913
Last visit: Mon Jul 08, 2019 8:55 am
Been upvoted: 2 times

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by davidc »

Hello Don,

I have a few questions for you:

1. Do you recall what build you were able to sign with last?
2. Have you tried explicitly selecting the certificate in the settings?
3. What timestamp setting do you have configured?

I found the following article that refers to this error:

https://blogs.msdn.microsoft.com/webtop ... -in-iis-7/

Please check if the second solution works for you.

Thank you,
David
SAPIEN Technologies, Inc.
User avatar
dmwyatt62
Posts: 5
Last visit: Fri Jan 26, 2024 11:34 am

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by dmwyatt62 »

Hello David,

1. I keep updated pretty well and the last time I recall signing was probably February/March of this year. Perhaps you can determine a version from that date range.

2. I've tried selecting my code signing certificate but after closing the dialog and trying again it appears to have chosen the certificate for my smart card. When I attempt to sign I am asked for the card's pin and gives the "ANS1 bad tag value" message.

3. I have the default timestamp provider configured - http://timestamp.globalsign.com/scripts/timstamp.dll[/list]

I checked out the article you provided. My certificate is already in my personal store and already had a private key associated with it.
User avatar
davidc
Posts: 5913
Last visit: Mon Jul 08, 2019 8:55 am
Been upvoted: 2 times

Re: Code Signing Fails with "ASN1 bad tag value met"

Post by davidc »

1. Here are the build numbers:
February was 5.5.149
March was 5.5.150
For testing purposes, can you try one of these builds to verify that signed with them?

2. Interesting. I will pass this information along. How many certificates do you have in your certificate store?

3. With the later updates, we changed the timestamp url to:

http://timestamp.globalsign.com/?signature=sha2

We made changes to sign scripts so that it uses a higher encryption level. These changes could potentially be the cause of the issue, but testing the older build will help us determine this.
David
SAPIEN Technologies, Inc.
This topic is 5 years and 6 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.