PackageCertificatePassword argument does not support password protected certificate files

[omghb]

Describe the bug

Issue Description

I have a password protected certificate file (PKCS12) for signing a MAUI (WinUI 3) app as packaged MSIX. So I try to use the PackageCertificatePassword argument to pass the password. This results in:

C:\Users\user1\.nuget\packages\microsoft.windowsappsdk\1.3.230724000\buildTransitive\Microsoft.Build.Msix.Packaging.targets(515,5): 
error APPX0105: Cannot import the key file 'C:\Temp\Cert\example.p12'. The key file may be password protected. 
To correct this, try to import the certificate manually into the current user's personal certificate store.

The MS documentation writes that this is not supported: link

Note that a password is only supported for the private key; using a certificate file that is itself password-protected is not currently supported.

Workaround Removing the password protection from the PKCS12 file enables the file to be used for signing.

Security considerations

• Installing in the personal certificate store (as mentioned in the error) shouldn't be done as the build runs on shared build servers.
• I want to avoid working with unprotected files that contain private keys. The build infrastructure allows to keep those files "secret" but I still prefer to keep the password protection in place.

Steps to reproduce the bug

Expected behavior

No response

Screenshots

No response

NuGet package version

None

Packaging type

Packaged (MSIX)

Windows version

Windows 10 version 22H2 (19045, 2022 Update)

IDE

Visual Studio 2022

Additional context

No response

[andreas668]

Any news here?

[ssparach]

The latest version of Microsoft.Windows.SDK.BuildTools.MSIX allows passing a password-protected value to the signing task using the appropriate parameter. If you're still encountering issues, please file a new issue with detailed steps to reproduce and any other relevant information. Thanks!