Re: .Cab Signing problem



I use openssl. You can create your own demo certificate and certificate of
authority or use a valid certificate and certificate of authority from
Verisign, Thawte, etc.

It assumes that you have previously generated or have a valid certificate
with certificate of authority that you will use to create a .pfx
formatted certificate container.

Here is how I do it:
openssl pkcs12 -in certs\pfxfile.pfx -nocerts -nodes -out pvkspc\keyfile.key
pvk -in pvkspc\keyfile.key -topvk -out pvkspc\outpvkfile.pvk
openssl pkcs12 -in certs\pfxfile.pfx -nokeys -out pvkspc\outpemfile.pem
openssl crl2pkcs7 -nocrl -certfile pvkspc\outpemfile.pem -outform DER -out pvkspc\outspcfile.spc

Now sign the code:
signcode -spc outspcfile.spc -v pvkspc\outpvkfile.pvk -t http://timestamp.verisign.com/scripts/timstamp.dll codetobesignedfile

Since you already have a .pvk file, you only need to create the .spc file
from your certificate in .pem format.


"Nadav" <Nadav@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:536F8C31-D2AB-4816-8B83-D644C3C1D55A@xxxxxxxxxxxxxxxx
Hi Guys,

This should be something simple or not possible at all. I have a '.pvk' file
and I want to generate a corresponding .spc file. I have followed the
instructions on http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx but
failed to generate an adequate cer/spc file. Following are the steps I
follow.

1. I have received a valid .pvk from some formal issuer
2. I have used makecert -sk <%mycert.PVK%> <%resulting new .CER file name%>
3. cer2spc <%.CER file name%> <%resulting .SPC file name%>
4. Failed to use SIGNCODE.EXE to sign a .cab file with the received PVK file
and the generated SPC file; signcode.exe prompts that the certificate is
invalid while writing the password.
5. Browsing the .CER file generated by makecert.exe I can see that this is a
'demo' certificate (it expires in 2040 and it doesn't include our
authority)

How can I generate a valid SPC file ?
Is it possible to generate SPC files from a PVK file ?

Any help would be appreciated.

--
Nadav
http://www.sophin.com
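
Before handing a key and .spc file to signcode, it helps to confirm that the private key and the certificate actually belong together and that the .spc contains the expected certificates. The script below is an added example, not code from either poster: it runs the reply's openssl steps on a throwaway self-signed certificate and then performs both checks. The work directory, the "sample" password, the CN and the function names are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for the PFX -> key/.spc steps.
# All file names, the "sample" password and the CN are constructed for this demo.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = PEM private key, $2 = PEM certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the number of certificates inside a DER-encoded .spc (PKCS#7) file.
spc_cert_count() {  # $1 = .spc file
    openssl pkcs7 -inform DER -in "$1" -print_certs -noout 2>/dev/null |
        grep -c '^subject' || true
}

# Constructed input: throwaway RSA key, self-signed certificate, and a .pfx.
make_sample_pfx() {  # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout pass:sample -out "$1/pfxfile.pfx"
}

# The reply's openssl steps; the pvk conversion is a separate tool and is left out.
extract_from_pfx() {  # $1 = work dir
    openssl pkcs12 -in "$1/pfxfile.pfx" -passin pass:sample -nocerts -nodes \
        -out "$1/keyfile.key" 2>/dev/null &&
    openssl pkcs12 -in "$1/pfxfile.pfx" -passin pass:sample -nokeys \
        -out "$1/outpemfile.pem" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/outpemfile.pem" -outform DER \
        -out "$1/outspcfile.spc"
}

# Demo run in a temporary directory.
d=$(mktemp -d)
if make_sample_pfx "$d" && extract_from_pfx "$d" &&
   key_matches_cert "$d/keyfile.key" "$d/outpemfile.pem"; then
    echo "key matches certificate; certs in .spc: $(spc_cert_count "$d/outspcfile.spc")"
fi
rm -rf "$d"
```

A key and a certificate that do not belong together fail the first check, and a .spc built from a full chain reports more than one certificate.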

