Question: How to use certificate with password?

[YanVugenfirer]

I tried to use this tool to sign SBOM for our driver package with PFX certificate with password and got error.

>"H:\Program Files\Windows Kits\10\Tools\10.0.26063.0\x64\CoseSignTool.exe" sign /PayloadFile NetKVM.sbom.json /PfxCertificate VirtIOTestCertPass.pfx
COSE Sign failed.
The specified network password is not correct.

If I try to use a certificate without a password, everything works.
How should I specify the password for the certificate? How can I use this tool to sign SBOM with an EV Code Signing token certificate?

Best regards

[elantiguamsft]

Hi Yan! Excited to hear about your interest in CoseSignTool :) The correct usage here would be to add /Password:<password> to your command. You can find additional documentation in CoseSignTool.md. In the future, we will be giving users the option to be prompted for passwords at runtime so we can consume it as a secure string. Closing this issue and opening #84 to track that work.

[YanVugenfirer]

Thanks a lot!