From c07e8c4a8f6a5544fd47afb36aaeb2091c691f85 Mon Sep 17 00:00:00 2001 From: Bartosz Klonowski Date: Wed, 16 Apr 2025 18:43:17 +0200 Subject: [PATCH 1/5] Remove misleading statement from mage.exe page --- .../tools/mage-exe-manifest-generation-and-editing-tool.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md index 24091342820e1..523b3e48a2ccd 100644 --- a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md +++ b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md @@ -42,7 +42,7 @@ The following table shows the options supported by the `-New` and `-Update` comm |Options|Default Value|Applies To|Description| |-------------|-------------------|----------------|-----------------| -|**-a, -Algorithm**|sha1RSA|Application manifests.

Deployment manifests.|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA.

Use with the "-Update" option. This option is ignored when using the "-Sign" option| +|**-a, -Algorithm**|sha1RSA|Application manifests.

Deployment manifests.|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA.

Use with the "-Update" option.| |**-appc, -AppCodeBase** `manifestReference`||Deployment manifests.|Inserts a URL or file path reference to the application manifest file. This value must be the full path to the application manifest.| |**-appm, -AppManifest** `manifestPath`||Deployment manifests.|Inserts a reference to a deployment's application manifest into its deployment manifest.

The file indicated by `manifestPath` must exist, or *Mage.exe* will issue an error. If the file referenced by `manifestPath` is not an application manifest, *Mage.exe* will issue an error.| |**-cf, -CertFile** `filePath`||All file types.|Specifies the location of an X509 digital certificate for signing a manifest or license file. This option can be used in conjunction with the **-Password** option if the certificate requires a password for Personal Information Exchange (PFX) files. Starting with .NET Framework 4.7, if the file does not contain a private key, a combination of the **-CryptoProvider** and **-KeyContainer** options is required.

Starting with .NET Framework 4.6.2, *Mage.exe* signs manifests with CNG as well as CAPI certificates.| From 984f240501cc8bb1efd228ec679fe2eb578afcb6 Mon Sep 17 00:00:00 2001 From: Bartosz Klonowski Date: Wed, 16 Apr 2025 18:50:32 +0200 Subject: [PATCH 2/5] Provide -Sign with now supported -TimestampUri and -Algorithm options --- .../tools/mage-exe-manifest-generation-and-editing-tool.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md index 523b3e48a2ccd..0a5ae9a807bfa 100644 --- a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md +++ b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md @@ -78,7 +78,9 @@ The following table shows the options supported by the `-Sign` command, which ap |**-csp, -CryptoProvider** `provider-name`|Specifies the name of a cryptographic service provider (CSP) that contains the private key container. This option requires the **-KeyContainer** option.

This option is available starting with .NET Framework 4.7.| |**-kc, -KeyContainer** `name`|Specifies the key container that contains the name of the private key. This option requires the **CryptoProvider** option.

This option is available starting with .NET Framework 4.7.| |**-pwd, -Password** `passwd`|The password that is used for signing a manifest with a digital certificate. Must be used in conjunction with the **-CertFile** option.| +|**-ti, -TimestampUri** `uri`|The URL of a digital timestamping service. Timestamping the manifests prevents you from having to re-sign the manifests should your digital certificate expire before you deploy the next version of your application.| |**-t, -ToFile** `filePath`|Specifies the output path of the file that has been created or modified.| +|**-a, -Algorithm**|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA.| ## Remarks From c174b70314e3c90c936baeaa42d7d750ee754978 Mon Sep 17 00:00:00 2001 From: Bartosz Klonowski Date: Thu, 24 Apr 2025 01:07:16 +0200 Subject: [PATCH 3/5] Correct typo and move algorithm as the first to keep alphabetical --- .../tools/mage-exe-manifest-generation-and-editing-tool.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md index 0a5ae9a807bfa..f9fe007e6cb64 100644 --- a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md +++ b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md 
@@ -73,6 +73,7 @@ The following table shows the options supported by the `-Sign` command, which ap | Options | Description | |---------|-------------| +|**-a, -Algorithm**|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA".| |**-cf, -CertFile** `filePath`|Specifies The location of a digital certificate for signing a manifest. This option can be used in conjunction with the **-Password** option if the certificate requires a password for Personal Information Exchange (PFX) files. Starting with .NET Framework 4.7, if the file does not contain a private key, a combination of the **-CryptoProvider** and **-KeyContainer** options is required.

Starting with .NET Framework 4.6.2, *Mage.exe* signs manifests with CNG as well as CAPI certificates.| |**-ch, -CertHash** `hashSignature`|The hash of a digital certificate stored in the personal certificate store of the client computer. This corresponds to the Thumbprint property of a digital certificate viewed in the Windows Certificates Console.

`hashSignature` can be either uppercase or lowercase, and can be supplied either as a single string or with each octet of the Thumbprint separated by spaces and the entire Thumbprint enclosed in quotation marks.| |**-csp, -CryptoProvider** `provider-name`|Specifies the name of a cryptographic service provider (CSP) that contains the private key container. This option requires the **-KeyContainer** option.

This option is available starting with .NET Framework 4.7.| @@ -80,7 +81,6 @@ The following table shows the options supported by the `-Sign` command, which ap |**-pwd, -Password** `passwd`|The password that is used for signing a manifest with a digital certificate. Must be used in conjunction with the **-CertFile** option.| |**-ti, -TimestampUri** `uri`|The URL of a digital timestamping service. Timestamping the manifests prevents you from having to re-sign the manifests should your digital certificate expire before you deploy the next version of your application.| |**-t, -ToFile** `filePath`|Specifies the output path of the file that has been created or modified.| -|**-a, -Algorithm**|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA.| ## Remarks From 89534fe9b89ee88fa2e74695a50f320855d30dde Mon Sep 17 00:00:00 2001 From: Bartosz Klonowski <70535775+BartoszKlonowski@users.noreply.github.com> Date: Thu, 24 Apr 2025 01:08:42 +0200 Subject: [PATCH 4/5] Correct typos in timestamp and algorithm descriptions Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com> --- .../tools/mage-exe-manifest-generation-and-editing-tool.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md index f9fe007e6cb64..0805b138e6ba6 100644 --- a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md +++ b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md @@ -42,7 +42,7 @@ The following table shows the options supported by the `-New` and `-Update` comm |Options|Default Value|Applies To|Description| |-------------|-------------------|----------------|-----------------| -|**-a, -Algorithm**|sha1RSA|Application manifests.

Deployment manifests.|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA.

Use with the "-Update" option.| +|**-a, -Algorithm**|sha1RSA|Application manifests.

Deployment manifests.|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA".

Use with the "-Update" option.| |**-appc, -AppCodeBase** `manifestReference`||Deployment manifests.|Inserts a URL or file path reference to the application manifest file. This value must be the full path to the application manifest.| |**-appm, -AppManifest** `manifestPath`||Deployment manifests.|Inserts a reference to a deployment's application manifest into its deployment manifest.

The file indicated by `manifestPath` must exist, or *Mage.exe* will issue an error. If the file referenced by `manifestPath` is not an application manifest, *Mage.exe* will issue an error.| |**-cf, -CertFile** `filePath`||All file types.|Specifies the location of an X509 digital certificate for signing a manifest or license file. This option can be used in conjunction with the **-Password** option if the certificate requires a password for Personal Information Exchange (PFX) files. Starting with .NET Framework 4.7, if the file does not contain a private key, a combination of the **-CryptoProvider** and **-KeyContainer** options is required.

Starting with .NET Framework 4.6.2, *Mage.exe* signs manifests with CNG as well as CAPI certificates.| @@ -79,7 +79,7 @@ The following table shows the options supported by the `-Sign` command, which ap |**-csp, -CryptoProvider** `provider-name`|Specifies the name of a cryptographic service provider (CSP) that contains the private key container. This option requires the **-KeyContainer** option.

This option is available starting with .NET Framework 4.7.| |**-kc, -KeyContainer** `name`|Specifies the key container that contains the name of the private key. This option requires the **CryptoProvider** option.

This option is available starting with .NET Framework 4.7.| |**-pwd, -Password** `passwd`|The password that is used for signing a manifest with a digital certificate. Must be used in conjunction with the **-CertFile** option.| -|**-ti, -TimestampUri** `uri`|The URL of a digital timestamping service. Timestamping the manifests prevents you from having to re-sign the manifests should your digital certificate expire before you deploy the next version of your application.| +|**-ti, -TimestampUri** `uri`|The URL of a digital timestamping service. Timestamping the manifests prevents you from having to re-sign the manifests if your digital certificate expires before you deploy the next version of your application.| |**-t, -ToFile** `filePath`|Specifies the output path of the file that has been created or modified.| ## Remarks From 44d0503eb328394cc9d535aa306c86e20b285c4c Mon Sep 17 00:00:00 2001 From: Bartosz Klonowski <70535775+BartoszKlonowski@users.noreply.github.com> Date: Sat, 26 Apr 2025 01:16:55 +0200 Subject: [PATCH 5/5] Do not mention sha1RSA as supported value Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com> --- .../tools/mage-exe-manifest-generation-and-editing-tool.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md index 0805b138e6ba6..993ef9e530b8f 100644 --- a/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md +++ b/docs/framework/tools/mage-exe-manifest-generation-and-editing-tool.md 
@@ -73,7 +73,7 @@ The following table shows the options supported by the `-Sign` command, which ap | Options | Description | |---------|-------------| -|**-a, -Algorithm**|Specifies the algorithm to generate dependency digests with. Value must be "sha256RSA" or "sha1RSA".| +|**-a, -Algorithm**|Specifies the algorithm to generate dependency digests with. The value must be "sha256RSA".| |**-cf, -CertFile** `filePath`|Specifies The location of a digital certificate for signing a manifest. This option can be used in conjunction with the **-Password** option if the certificate requires a password for Personal Information Exchange (PFX) files. Starting with .NET Framework 4.7, if the file does not contain a private key, a combination of the **-CryptoProvider** and **-KeyContainer** options is required.

Starting with .NET Framework 4.6.2, *Mage.exe* signs manifests with CNG as well as CAPI certificates.| |**-ch, -CertHash** `hashSignature`|The hash of a digital certificate stored in the personal certificate store of the client computer. This corresponds to the Thumbprint property of a digital certificate viewed in the Windows Certificates Console.

`hashSignature` can be either uppercase or lowercase, and can be supplied either as a single string or with each octet of the Thumbprint separated by spaces and the entire Thumbprint enclosed in quotation marks.| |**-csp, -CryptoProvider** `provider-name`|Specifies the name of a cryptographic service provider (CSP) that contains the private key container. This option requires the **-KeyContainer** option.

This option is available starting with .NET Framework 4.7.|
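Review bot: in PATCH 1/5, hunk `@@ -42,7 +42,7 @@`, the rewritten **-a, -Algorithm** row still ends its value list with an unclosed quotation mark (`"sha1RSA.`). The line is already being replaced here, so close the quote in this commit rather than in PATCH 4/5; that keeps the series from touching the same row twice. With the `-Sign` sentence removed, this row no longer says anything about how `-Algorithm` behaves under `-Sign`, so the `-Sign` table has to document that on its own.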
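Review bot: in PATCH 2/5, hunk `@@ -78,7 +78,9 @@`, the two added rows carry no version information, although the subject line calls the options "now supported" and the neighboring **-CryptoProvider** and **-KeyContainer** rows each state "This option is available starting with .NET Framework 4.7." Add the equivalent sentence to **-TimestampUri** and **-Algorithm** so readers on older tooling can tell whether the options are honored. The **-Algorithm** description is also copied from the `-New`/`-Update` table ("generate dependency digests with"); please confirm that wording describes what the option controls under `-Sign`, and state what is used when the option is omitted, since this table has no Default Value column.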
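Review bot: in PATCH 5/5, hunk `@@ -73,7 +73,7 @@`, restricting the `-Sign` row to "sha256RSA" leaves the two tables disagreeing: the `-New`/`-Update` row, last touched in PATCH 4/5, still lists sha1RSA as the default and as an accepted value. If sha1RSA should no longer be presented as supported, update that row in the same commit, or add a sentence explaining why the accepted values differ between the commands.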