My main workstation runs Linux. It has for quite some time now. I had some issues getting 3D acceleration passed through using my AMD GPU and VMware Workstation, but finally got it to work. However, this time it’s about signing from within the Windows development VM which I use to develop Windows software.
I always got failures when attempting to sign using that “ACS ACR39U ICC Reader” (inside the VM reported as “VMware Virtual USB CCID”) provided by Certum when getting their open source code-signing certificates (the model of the reader and the smartcards changed some time in 2021, because the key length supported before was no longer sufficient). Either way, the error was rather unspecific and looked as follows:
Error information: "Error: SignerSign() failed." (-2146435052/0x80100014)
SignTool Error: An unexpected internal error has occurred.
The symbolic name of the error is SCARD_F_UNKNOWN_ERROR, which isn’t exactly any more helpful. The mail to the Certum support was answered with a request to supply the order number.
Then I decided to try to search for similar issues again on the web and found this website. Obviously the website is about the ESXi product, but that is also hosted by some Linux-y proprietary kernel and so I could get lucky by attempting the suggested steps.
And indeed it turns out that by stopping the pcscd and setting usb.generic.allowCCID = "TRUE" inside the .vmx-file of my VM, I could get it to work. What’s more, the proCertum Manager now displays the reader under its “true” name, which it never did before. And signing works, which was the most important point.
// Oliver
PS: VMware Workstation 16.2.1 (latest on Linux!), proCertum Manager 3.5.1.190, Signtool from VS2022 17.0.5 (some Windows 10/11 SDK presumably).
PPS: The service pcscd.service should not be running on the host while attempting this.
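The two host-side steps from the post as one script, to be run while the VM is powered off. This is an added example, not part of the original post; the function names, the .bak backup and the handling of pcscd.socket (the socket-activation unit that pcsc-lite ships on systemd hosts and that would otherwise restart the service on demand) are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Usage: ./ccid-passthrough.sh /path/to/vm.vmx  (placeholder path)

# Set key = "value" in a .vmx file: replace an existing entry or append one.
# Safe to run repeatedly; the key never ends up in the file twice.
set_vmx_option() {
    local vmx="$1" key="$2" value="$3" tmp
    [ -f "$vmx" ] || { echo "no such file: $vmx" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Copy every line except an existing assignment of this key.
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, p, /[ \t]*=/) }
        p[1] != k { print }
    ' "$vmx" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = "%s"\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$vmx"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Stop pcscd on the host so it releases the reader before the VM claims it.
# Assumption: a systemd host; the socket unit is stopped first so that it
# cannot start the service again.
stop_host_pcscd() {
    local unit
    for unit in pcscd.socket pcscd.service; do
        if systemctl is-active --quiet "$unit"; then
            echo "stopping $unit"
            sudo systemctl stop "$unit" || return 1
        fi
    done
}

main() {
    local vmx="$1"
    cp -p -- "$vmx" "$vmx.bak" || return 1    # keep a copy of the old config
    stop_host_pcscd || return 1
    set_vmx_option "$vmx" usb.generic.allowCCID TRUE || return 1
    grep -n 'usb.generic.allowCCID' "$vmx"    # show the resulting line
}

# Only act when a .vmx path was given on the command line.
[ "$#" -eq 0 ] || main "$@"
```

Stopping the units does not disable them, so pcscd comes back after a reboot and other host applications can use the reader again once the VM is done with it.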
For whomever might find this in Google. This error code is so generic and poorly documented in my opinion.
Got the same error but wasn’t on a VM. Support for my signing cert fixed the error by sending me the correct cert for my YubiKey. Since I used my pre-existing YubiKey they only provided the cert for their cloud service initially.
Yep, there are plenty of overly generic error codes around anything crypto and security related. I think oftentimes it’s intentional. Although it’s not helpful.