Open Ssl binaries
http://code.google.com/p/openssl-for-windows/downloads/list
Pvk Tool
http://www.drh-consultancy.demon.co.uk/pvk.html
Exporting the files
Having downloaded and installed the conversion tools, you are ready to export your code signing certificate and private key file from the .pfx file. The commands given below assume that the location of the conversion tools has been added to the PATH environment variable. Otherwise you should type the full path to each program.
In the examples we will also assume that the .pfx file name is mycert.pfx and that the desired output filenames are mykey.pvk and mycert.spc. You may, of course, substitute other names if you so wish, and specify a full path if the files are located in a different folder. Remember to quote the paths to the files if they contain spaces.
Exporting the private key
First export the private key to an OpenSSL .pem format file.
openssl.exe pkcs12 -in mycert.pfx -nocerts -nodes -out mykey.pem
You will be asked for the password of the private key file, if you specified one.
Now you use Dr. Henson's conversion utility to convert the .pem file into the proprietary Microsoft .pvk format.
pvk.exe -in mykey.pem -topvk -strong -out mykey.pvk
That takes care of the private key file.
Exporting the software publishing certificate
Converting your code signing certificate into a software publishing certificate .spc file is also a two stage process. First, the certificate is exported to an OpenSSL .pem format file, and then this is converted to the final .spc format.
openssl.exe pkcs12 -in mycert.pfx -nokeys -out mycert.pem openssl.exe crl2pkcs7 -nocrl -certfile mycert.pem -outform DER -out mycert.spc
Again, you will be asked for the password of the private key file if you specified one.
You now have a .pvk and .spc pair which you can use to digitally sign executables using signcode.exe. The intermediate .pem files created during the conversion are no longer needed, and may be deleted.
No comments:
Post a Comment