It sounds like 'signtool' works great with the KMS CNG provider, but we recently had a user ask about HLK signing, and I didn't have a good answer.
From what I can tell, HLK signing requires an additional setup step: adding a certificate to the certificate store and linking it to the CNG provider.
Microsoft's docs on this say "Instructions on how to configure an HSM client with these components should be documented by your HSM provider.". We don't have any instructions here yet.
It sounds like 'signtool' works great with the KMS CNG provider, but we recently had a user ask about HLK signing, and I didn't have a good answer.
From what I can tell, HLK signing requires an additional setup step: adding a certificate to the certificate store and linking it to the CNG provider.
Microsoft's docs on this say "Instructions on how to configure an HSM client with these components should be documented by your HSM provider.". We don't have any instructions here yet.