Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
ArunkumarA
New Member

How to sign the .pqx file using a Hardware Token model through the makepqx command?

Hi Team,

According to the makepqx signing documentation, we can sign the .pqx file using a physical .pfx certificate. As you are aware of FIPS 140-2 compliance, we can no longer purchase .pfx certificates, and they will now be provided by an HSM or USB Token model. Consequently, we cannot pass the .pfx certificate to the makepqx command. Please let us know the procedure for signing using the hardware token model.

If using signtool.exe is an option, please provide an example of how to sign the .pqx file.

Power Query Connector Signing Document
https://learn.microsoft.com/en-us/power-query/handling-connector-signing

1 ACCEPTED SOLUTION

Hello,

 

Please try the following:

1. Export the public portion of the signing certificate from your USB token, keep a copy of it in a working directory.

2. Install it into your local certificate store. (It should show that you have the private key associated with this certificate)

 

.\MakePQX.exe sign "c:\directory\something.pqx" --certificate "c:\directory\exportedusbcert.cer"

 

If you have your usb inserted and are logged in it should work.

View solution in original post

4 REPLIES 4
ArunkumarA
New Member

Hi @v-junyant-msft Thank you for your kind response, we tried with above command to sign but we received below error,

SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: Cloud.pqx


Kindly refer the attached image and help us to resolve the issue,

pqx-signing-error.png

 

Thanks&Regards,

ArunkumarA.



Hi Team, Anyone help me to fix the above signing problem, currently we have updated to Hardware token model system to sign the package and not able to sign with makepqx command. 

Thank you,

ArunkumarA.

Hello,

 

Please try the following:

1. Export the public portion of the signing certificate from your USB token, keep a copy of it in a working directory.

2. Install it into your local certificate store. (It should show that you have the private key associated with this certificate)

 

.\MakePQX.exe sign "c:\directory\something.pqx" --certificate "c:\directory\exportedusbcert.cer"

 

If you have your usb inserted and are logged in it should work.

v-junyant-msft
Community Support
Community Support

Hi @ArunkumarA ,

You can try to follow the steps below:
1. Identify the CSP and Key Container Name: Before signing, you need to identify the Cryptographic Service Provider (CSP) and the key container name used by your hardware token. This information is usually provided by the token vendor or can be found in the token management software.
2. Use SignTool with CSP and Key Container: Once you have the CSP and key container name, you can use the signtool.exe command with the /csp and /k options to specify them.
For example:

signtool sign /csp "YourCSPName" /k "YourKeyContainerName" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /v YourPQXFile.pqx

3. Verify the Signature: After signing, it's a good practice to verify the signature to ensure everything is in order:

signtool verify /pa /v YourPQXFile.pqx

 

Best Regards,
Dino Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

Top Solution Authors
Top Kudoed Authors