My main workstation runs Linux. It has for quite some time now. I had some issues getting 3D acceleration passed through using my AMD GPU and VMware Workstation, but finally got it to work. However, this time it’s about signing from within the Windows development VM which I use to develop Windows software.
I always got failures when attempting to sign using that “ACS ACR39U ICC Reader” (inside the VM reported as “VMware Virtual USB CCID”) provided by Certum when getting their open source code-signing certificates (the model of the reader and the smartcards changed some time in 2021, because the key length supported before was no longer sufficient). Either way, the error was rather unspecific and looked as follows:
Error information: "Error: SignerSign() failed." (-2146435052/0x80100014) SignTool Error: An unexpected internal error has occurred.
The symbolic name of the error is
SCARD_F_UNKNOWN_ERROR, which isn’t exactly any more helpful. The mail to the Certum support was answered with a request to supply the order number
Then I decided to try to search for similar issues again on the web and found this website. Obviously the website is about the ESXi product, but that is also hosted by some Linux-y proprietary kernel and so I could get lucky by attempting the suggested steps.
And indeed it turns out that by stopping the
pcscd and setting
usb.generic.allowCCID = "TRUE" inside the
.vmx-file of my VM, I could get it to work. What’s more, the proCertum Manager now displays the reader under its “true” name, which it never did before. And signing works, which was the most important point.
PS: VMware Workstation 16.2.1 (latest on Linux!), proCertum Manager 22.214.171.124, Signtool from VS2022 17.0.5 (some Windows 10/11 SDK presumably).
PPS: The service
pcscd.service should not be running on the host, while attempting this.