Emmanuel Bourg

There is [a fork of OpenOpcSignTool](https://github.com/monrapps/OpenOpcSignTool) by @monrapps supporting HLKX files, that may give some hints on how to implement it in Jsign. I struggle to find examples of HLKX...

Actually the HLKX files are signed by the HLK controller (`hlk.exe sign` on the command line) and not by signtool. Supporting this format in Jsign is likely to be similar...

Thank you for the feedback. Would you be able to sign the `wineyes.exe` file from the Jsign test resources and send it to [email protected] please? I'll get a look.

I looked at the signed file but I fail to see what's wrong. Would you be able to sign it with signtool and see if there is the same error?...

Good question, I assume there is a PKCS#11 library somewhere for Google KMS but I haven't found one yet.

Maybe using this ? https://github.com/nextgens/authenticode-sign-action https://github.com/nextgens/CloudSignTool https://github.com/nextgens/CloudSignTool/releases/download/1.0.0/SignTool.exe

There's propably an issue with the certificate then. Let me know if you find out the issue, that may help others in the future.

Did you try the `certfile` parameter? This allows you to define the certificates added to the signature.

@laurentgo thank you for the PRs, I'll give them a look. Could you elaborate on the credentials issue with Google KMS?

@laurentgo I've checked the documentation about application default credentials, have you tried getting an access token with `gcloud auth application-default print-access-token` and use it for the `storepass` argument? https://cloud.google.com/sdk/gcloud/reference/auth/application-default/print-access-token