After a lot of try and error I have found the reason:
My hybrid extension includes many resource files, the certificate adds a signature for each of this files, after around 300 files the signature starts to become corrupt ( this can be seen in the signature file included in the package) and logically extension manager issues a not valid certificate message when installing.
The solution I have adopted is to include only one compressed file with all resource files instead of any single file, then my extension must unzip it the first time at runtime. It's not ideal but works and all packages are correctly signed.
I have not found any mention to a limit of the files in the documentation but propably no one was thinking on so large extensions
Hope it helps somebody
That's odd. In what way does it become corrupt?
In the signature.xml file each file becomes a DigestValue, after this first 300 ( aprox) the DigestValue is a long not readable collection of strange characters, then it returns to the normal value and after some hundred more again garbage.