January 2015

How do I renew a code signing certificate: extracting the private key from a .pfx

I had a requirement to renew the code signing certificate for a project which uses an MS Windows client application. The certificate renewal procedure was simple since GoDaddy supports the previously used CSR for renewing the SSL. So I was able to complete the process and got the certificate downloaded.

When I opened the cert zip file, I was surprised, as I could see only a .spc (codesigning.spc) file in it. So I got confused!

What is that .spc file?

This .spc file is itself the code signing certificate, and we need to import this file along with the private key file to rebuild the new Windows client application. Unfortunately I do not have the private key file backed up yet, but I have the .pfx file which was used for issuing the SSL one year back.

So I decided to extract the private key file from the .pfx file.

How do I extract the private key file from a .pfx

a. Create .pem file from .pfx
b. Extract rsa private key from .pem file

e.g.: openssl pkcs12 -in sample.pfx -out sample.pem -nodes

[root@web-test1 iptables]# openssl pkcs12 -in condesigning.pfx  -out condesigning.pem -nodes
Enter Import Password:
MAC verified OK
[root@web-test1 iptables]#

Now you need to extract the private key file

[root@web-test1 iptables]# openssl rsa -in condesigning.pem -out condesigning.key
writing RSA key
[root@web-test1 iptables]# ls

If that private key does not work, use this command to create the exact private key (.pvk) that is referred to in the documentation. Before doing that, you may need to download the pvk application and install it.

[root@web-test1 ~]#wget
[root@web-test1 ~]#tar -xvf pvksrc.tgz.bin
[root@web-test1 ~]#make && make install
[root@web-test1 ~]#cp pvk /usr/bin/
[root@web-test1 ~]#pvk  -in condesigning.pem  -topvk -strong -out condesigning.pvk

Cool !

Now you can use this private key file to rebuild the code signing application. The following command will append the private key file to the existing certificate file. This command will create a .pfx file to integrate into your Windows application.

pvkimprt -PFX codesigning.spc codesigning.pvk codesigning.pfx

Note: The pvkimprt command works only on a Windows system, as it is shipped with Office tool. This command will ask for the passphrase that you set earlier to protect the private key. PVK Import Utility:

Note: I got codesigning.spc from GoDaddy and codesigning.pvk from the above steps.
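
An added example, not part of the original post: a variant of the extraction above that keeps the key passphrase-protected (the -nodes flag used above writes it unencrypted) and checks that the key taken from the old .pfx matches the certificate in the renewed .spc before rebuilding. The file names, subject and passphrases are constructed; the demo builds its own throwaway .pfx and .spc and assumes a DER-encoded .spc with the signing certificate first.

```shell
#!/bin/sh
# Added example: file names, subject and passphrases are constructed for the demo.

# Public key (PEM) of a private key file; $KEY_PASS is used if the key is encrypted.
key_pub() {
    openssl pkey -in "$1" -passin env:KEY_PASS -pubout
}

# Public key (PEM) of the first certificate in a DER-encoded .spc (PKCS#7).
spc_pub() {
    openssl pkcs7 -inform DER -in "$1" -print_certs |
        openssl x509 -noout -pubkey
}

# Pull only the private key out of a .pfx, encrypted and readable by the owner only.
extract_key() {   # extract_key in.pfx out.key  (uses $PFX_PASS and $KEY_PASS)
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -aes256 \
          -passin env:PFX_PASS -passout env:KEY_PASS -out "$2" )
}

# Succeeds only when the key and the certificate in the .spc share one public key.
key_matches_spc() {
    k=$(key_pub "$1") && [ -n "$k" ] && [ "$k" = "$(spc_pub "$2")" ]
}

# Build constructed stand-ins for last year's .pfx and the renewed .spc, then check.
# Renewing with the same CSR yields a new certificate over the same key pair.
demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    export PFX_PASS=constructed-import-pass KEY_PASS=constructed-key-pass
    ( cd "$DEMO_DIR" &&
      openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Signer" \
          -days 1 -keyout old.key -out old.crt 2>/dev/null &&
      openssl pkcs12 -export -inkey old.key -in old.crt \
          -passout env:PFX_PASS -out old.pfx &&
      openssl req -x509 -new -key old.key -subj "/CN=Constructed Signer" \
          -days 1 -out new.crt &&
      openssl crl2pkcs7 -nocrl -certfile new.crt -outform DER -out new.spc ) || return 1
    extract_key "$DEMO_DIR/old.pfx" "$DEMO_DIR/extracted.key" &&
        key_matches_spc "$DEMO_DIR/extracted.key" "$DEMO_DIR/new.spc"
}

demo && echo "extracted key matches renewed certificate"
```

On real files, export PFX_PASS and KEY_PASS, run extract_key on the old .pfx, then key_matches_spc on the result and the downloaded .spc; a failure means the renewed certificate was issued for a different key pair.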

Re-build and distribute your app safely !! 🙂
