Azure.Developer.ArtifactSigning.CryptoProvider 0.1.69

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Azure.Developer.ArtifactSigning.CryptoProvider --version 0.1.69
                    


                    

                
NuGet\Install-Package Azure.Developer.ArtifactSigning.CryptoProvider -Version 0.1.69
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Azure.Developer.ArtifactSigning.CryptoProvider" Version="0.1.69" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Azure.Developer.ArtifactSigning.CryptoProvider" Version="0.1.69" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Azure.Developer.ArtifactSigning.CryptoProvider" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Azure.Developer.ArtifactSigning.CryptoProvider --version 0.1.69
                    


                    

                
#r "nuget: Azure.Developer.ArtifactSigning.CryptoProvider, 0.1.69"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Azure.Developer.ArtifactSigning.CryptoProvider@0.1.69
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Azure.Developer.ArtifactSigning.CryptoProvider&version=0.1.69
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Azure.Developer.ArtifactSigning.CryptoProvider&version=0.1.69
                    


                            Install as a Cake Tool

Azure Artifact Signing CryptoProvider

NuGet

The Azure Artifact Signing CryptoProvider is a .NET library that provides cryptographic signing capabilities using Azure Artifact Signing. It implements an RSA cryptographic provider that delegates signing operations to Azure, enabling secure code signing without exposing private keys locally.

Installation

dotnet add package Azure.Developer.ArtifactSigning.CryptoProvider

Or via the NuGet Package Manager:

Install-Package Azure.Developer.ArtifactSigning.CryptoProvider

Prerequisites

  • An Azure subscription
  • An Azure Artifact Signing account with a configured certificate profile
  • Azure credentials (e.g., DefaultAzureCredential, ClientSecretCredential, etc.)

Quick Start

Basic Usage

using Azure.Developer.ArtifactSigning.CryptoProvider;
using Azure.Identity;

// Create credentials
var credential = new DefaultAzureCredential();

// Create the signing context
var context = new AzSignContext(
    tokenCredential: credential,
    accountName: "your-signing-account",
    certProfile: "your-certificate-profile",
    baseUrl: new Uri("https://your-region.codesigning.azure.net")
);

// Get the signing certificate
var signingCert = context.GetSigningCertificate();

// Get the full certificate chain
var certChain = context.GetCertChain();

// Sign a digest
byte[] digest = /* your digest bytes */;
byte[] signature = context.SignDigest(digest);

Using RSAAzSign for Signing Operations

using Azure.Developer.ArtifactSigning.CryptoProvider;
using System.Security.Cryptography;

// Create the RSA provider backed by Azure Artifact Signing
var rsaProvider = new RSAAzSign(context);

// Sign a hash
byte[] hash = SHA256.HashData(dataToSign);
byte[] signature = rsaProvider.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

// Verify a signature
bool isValid = rsaProvider.VerifyHash(hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

With Authenticode Hashes

// For Authenticode signing scenarios
var rsaProvider = new RSAAzSign(context, fileHash: fileHashBytes, authenticodeHash: authenticodeHashBytes);

byte[] signature = rsaProvider.SignHash(tbsHash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

Configuring Options

using Azure.Developer.ArtifactSigning.CryptoProvider.Models;

// Configure retry and timeout behavior
var options = new AzSignContextOptions
{
    TaskRetryCount = 5,        // Number of retries (default: 3)
    TaskTimeOutInSeconds = 120  // Timeout in seconds (default: 60)
};

var context = new AzSignContext(
    tokenCredential: credential,
    accountName: "your-signing-account",
    certProfile: "your-certificate-profile",
    baseUrl: new Uri("https://your-region.codesigning.azure.net"),
    signContextOptions: options
);

Using an Existing CertificateProfileClient

using Azure.CodeSigning;

// If you already have a CertificateProfileClient instance
var cpClient = new CertificateProfileClient(/* your configuration */);

var context = new AzSignContext(
    accountName: "your-signing-account",
    certProfile: "your-certificate-profile",
    cpClient: cpClient
);

API Reference

AzSignContext

The main class for interacting with Azure Artifact Signing.

Method Description
GetSigningCertificate() Retrieves the leaf signing certificate
GetSigningCertificateAsync() Async version of GetSigningCertificate
GetCertChain() Retrieves the full certificate chain
GetCertChainAsync() Async version of GetCertChain
SignDigest() Signs a digest with the configured certificate
SignDigestAsync() Async version of SignDigest

RSAAzSign

An RSA implementation that delegates signing to Azure Artifact Signing.

Property Description
FileHash The hash of the unsigned file
AuthenticodeHash The stable Authenticode hash of the file
Method Description
SignHash() Signs a hash using Azure Artifact Signing
VerifyHash() Verifies a signature using the public key
ExportParameters() Exports public key parameters (private key export throws)

Documentation

Contributing

See CONTRIBUTING.md for guidelines on contributing to this project.

Changelog

See CHANGELOG.md for version history and release notes.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.69 107 1/29/2026
0.1.67 196 1/8/2026

Added dotnet 10 as target framework.