Fixing the 'The package contains code signing keys <project>_TemporaryKey.pfx' WACK error

I recently updated a Windows 8 application for a client, but it failed submission to The Windows Application Certification Kit. The problem was shown as: 

The package contains code signing keys <project>_TemporaryKey.pfx

The development key was in the project, but it needed to be to do the signing for the test run. I had no idea what to do so I pinged Jon Box and he asked if the project has been initially done on someone else's machine. That got me thinking - this project file was from an earlier pre-release version of Visual Studio! Perhaps there was a configuration problem with the project itself.

Next, I opened the file uin a text editor and located the PropertyGroup that hosted the key information.




I deleted the PackageCertificateKeyFile to see if Visual Studio would remake it, and it did, and included a hash this time (interesting addition). What was more interesting was that VS changed the ItemGroup node for the key inclusion from Content to None. That was probably the bit that did it.

Hope this helps someone else who runs into this problem.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites