diff --git a/AzureSignTool/AuthenticodeKeyVaultSigner.cs b/AzureSignTool/AuthenticodeKeyVaultSigner.cs
index dafcce3..232c466 100644
--- a/AzureSignTool/AuthenticodeKeyVaultSigner.cs
+++ b/AzureSignTool/AuthenticodeKeyVaultSigner.cs
@@ -12,6 +12,7 @@ public class AuthenticodeKeyVaultSigner : IDisposable
         private readonly MemoryCertificateStore _certificateStore;
         private readonly X509Chain _chain;
         private readonly ILogger _logger;
+        private readonly SignCallback _signCallback;
 
         public AuthenticodeKeyVaultSigner(AzureKeyVaultMaterializedConfiguration configuration, TimeStampConfiguration timeStampConfiguration, X509Certificate2Collection additionalCertificates,
             ILogger logger)
@@ -34,6 +35,7 @@ public AuthenticodeKeyVaultSigner(AzureKeyVaultMaterializedConfiguration configu
             {
                 _certificateStore.Add(_chain.ChainElements[i].Certificate);
             }
+            _signCallback = SignCallback;
         }
 
         public int SignFile(string path, string description, string descriptionUrl, bool? pageHashing)
@@ -74,10 +76,9 @@ public int SignFile(string path, string description, string descriptionUrl, bool
                         timestampUrl = null;
                         break;
                 }
-
                 _logger.Log("Getting SIP Data", LogLevel.Verbose);
                 using (var data = SipExtensionFactory.GetSipData(path, flags, contextReceiver, timeStampFlags, storeInfo, timestampUrl,
-                    timestampAlgorithmOid, SignCallback, _configuration.FileDigestAlgorithm, fileInfo, attributes))
+                    timestampAlgorithmOid, _signCallback, _configuration.FileDigestAlgorithm, fileInfo, attributes))
                 {
                     _logger.Log("Calling SignerSignEx3", LogLevel.Verbose);
                     return mssign32.SignerSignEx3
@@ -113,7 +114,7 @@ private int SignCallback(
             uint algId,
             byte[] pDigestToSign,
             uint dwDigestToSign,
-            out CRYPTOAPI_BLOB blob
+            ref CRYPTOAPI_BLOB blob
         )
         {
             _logger.Log("SignCallback", LogLevel.Verbose);
diff --git a/AzureSignTool/Interop/mssign32.cs b/AzureSignTool/Interop/mssign32.cs
index b05ac3e..a9224e1 100644
--- a/AzureSignTool/Interop/mssign32.cs
+++ b/AzureSignTool/Interop/mssign32.cs
@@ -248,6 +248,6 @@ internal delegate int SignCallback(
         [param: In, MarshalAs(UnmanagedType.U4)] uint algId,
         [param: In, MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.U1, SizeParamIndex = 4)] byte[] pDigestToSign,
         [param: In, MarshalAs(UnmanagedType.U4)] uint dwDigestToSign,
-        [param: Out] out CRYPTOAPI_BLOB blob
+        [param: In, Out] ref CRYPTOAPI_BLOB blob
         );
 }