Signing Plugin always throws NullPointerException: pemObject must not be null Follow

Got the same result with folowing the same steps on Windows

Please share your project sources/link and make sure you're using latest gradle-intellij-plugin (1.2.1)

I've found the issue (gradle-intellij-plugin 1.2.0). The docs recommend to use ENV vars but it doesn't support multi-line. I changed it to my key and cert location. 

certificateChain = new File(System.getenv("CERTIFICATE_CHAIN") ?: "./certs/chain.crt").getText('UTF-8')

see also https://stackoverflow.com/questions/49457787/how-to-export-a-multi-line-environment-variable-in-bash-terminal-e-g-rsa-privat

I encounter the same issue that the original post. (tested with gradle-intellij-plugin 1.1.6 and 1.2.1, Windows 10).

There is already an issue on github : https://github.com/JetBrains/marketplace-zip-signer/issues/28

The temporary solution of Rhaalebos to store the location to the private key and cert in env vars worked

signPlugin {
    password.set(System.getenv("PRIVATE_KEY_PASSWORD"))
    certificateChain.set(File(System.getenv("CERTIFICATE_CHAIN") ?: "./.keys/chain.crt").readText(Charsets.UTF_8))
    certificateChain.set(File(System.getenv("PRIVATE_KEY") ?: "./.keys/private.pem").readText(Charsets.UTF_8))
}

I managed to sign it with the methods shown here (even though I tried that with the CLI Tool). So thanks for that.

However, when you want to download the plugin from the store I get this message:

Plugin Signature Checker

Plugin 'PluginName' signature can't be verified:

Zip integrity check failed. CHUNKED_SHA512S digest mismatch

Any Idea whats the problem?
How can I check that the signing worked without needing to upload it to the store

I got a new Error, it's pretty similar to the last, but still different:

Plugin Security Warning

Digital signature verification of the 'PluginName' plugin failed with the following message: Zip integrity check failed. CHUNKED_SHA512S digest mismatch

Could you please provide more details and a minimal reproducible example?

What details do you need?
I have create a minimal copy of the plugin and uploaded it. It will take a while to get reviewed though

Plugin signing still fails with this error with Gradle IntelliJ Plugin 1.3.0. Why is this not fixed?

Still fail in 1.4.0

I fix it by using local gradle properties.

define variable at gradle.properties:

CERTIFICATE_CHAIN=/Users/garen/chain.crt
PRIVATE_KEY=/Users/garen/private.pem
PRIVATE_KEY_PASSWORD=your_password
PUBLISH_TOKEN=your_token

modify build.kts:

tasks {
    signPlugin {
        val cc = project.property("CERTIFICATE_CHAIN") as String
        val pk = project.property("PRIVATE_KEY") as String
        val pkp = project.property("PRIVATE_KEY_PASSWORD") as String
        certificateChain.set(File(cc).readText())
        privateKey.set(File(pk).readText())
        password.set(pkp)
    }
    publishPlugin {
        val token = project.property("PUBLISH_TOKEN") as String
        this.token.set(token)
    }
}

hi guys i found the solution to our problem.

The hint was in the "signPlugin" example. 

In the example the priv key was displayed like this: 

-----BEGIN RSA PRIVATE KEY-----

But if you just create the private.pem file its in this format:

-----BEGIN ENCRYPTED PRIVATE KEY-----

The solution is to decrypt the priv key first (dont ask me why we need to give a priv_key_password aswell to the signPlugin gradle task):

openssl rsa -in inputfilename -out outputfilename

Any update about this ?

You can find the solution in the post above, or in this Repo: https://github.com/AskMeAgain/IntellijPluginTemplate. The readme gives you a complete explanation how it works and the create-secret.sh script does everything for you

The whole signing flow is described in the Plugin Signing article in IntelliJ SDK Docs: https://plugins.jetbrains.com/docs/intellij/plugin-signing.html

The documentation was already updated to address the issue described in this thread.

Note that both the private key and certificate chain are multi-line values. It is necessary to transform them first using Base64 encoding before providing to the single-line field in Environment Variables panel.