Kevin wrote:

> I have these two files:
> - mycert.pvk (private key generated using microsoft certutil)
> - mycert.cer (certificate issued by Verisign)
> 
> I want to import the cert and private key into a cert database

and later wrote:

> http://oy-oy.eu/huh/firefox-extension-code-signed-with-spc-pvk/ has a
> step-by-step description of signing a jar file with an Authenticode
> cert, running the commands on a Windows system.  This happened to be
> exactly what I needed.

Kevin, you're not the first person to have had the problem of getting
from .pvk files to .pfx files.  None of the people who reported this
before you were able to explain how they got the .pvk file in the
first place.  (They reported that the .pvk file was created by someone
else and given to them.)

So my questions to you are:
- How did you create that pvk file?
- What tool did you use?
- What current Microsoft documentation instructs users like you to
use that tool, and to make pvk files?

Based on my reading of various Microsoft web sites on the subject, I
conclude that Microsoft considers the pvk file format to be obsolete.
They long ago switched to and embraced the PKCS#12 (a.k.a. pfx) file
format.  They now have a tool for importing the old pvk files into
Windows' modern key store.  That tool is not distributed with
Windows, but is only available by special download, because pvk files
are now a thing of the past.

IINM, their current tools for requesting a cert put the private key
into Windows' key store, and the cert wizard exports keys and certs
from there as pfx files, not pvk files.  So I think whatever tool
creates pvk files must be VERY old by now.  I think people should
no longer be generating pvk files, and any current documentation that
is still advising people to do so is obsolete.

If I knew what tool creates it, and what MS documents promote the use
of that tool, I could write something to advise people on a better,
more modern alternative.

> I still haven't found a way to do this on the linux platform, but
> that's not an issue for me any more.

PKCS#12 files are now THE one universally supported file format for
storing and moving private keys and certs from one system (or set of
software) to another.  They're supported by Microsoft, NSS, OpenSSL,
and others.  Once you have a PKCS#12 file, you can copy it to a
Linux system and use it there also.
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
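
An added example, not part of the original message or of any project named in it: one way to get from the thread's mycert.pvk and mycert.cer to a PKCS#12 file on Linux with the OpenSSL command line, refusing to bundle a key that does not match the certificate. The function names, the friendly name "mycert" and the P12_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example. File names follow the thread; everything else is illustrative.

# Convert a legacy PVK private key to PEM (prompts if the PVK is encrypted).
# The PEM key is written unencrypted, so restrict its permissions.
pvk_to_pem() {  # usage: pvk_to_pem mycert.pvk key.pem
    ( umask 077; openssl rsa -inform PVK -in "$1" -out "$2" )
}

# A .cer may be base64 (PEM) or binary (DER); normalise it to PEM.
cer_to_pem() {  # usage: cer_to_pem mycert.cer cert.pem
    openssl x509 -in "$1" -out "$2" 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -out "$2"
}

# Succeeds only if the private key's public half equals the cert's public key.
key_matches_cert() {  # usage: key_matches_cert key.pem cert.pem
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key and cert into a password-protected PKCS#12 file.
# The export password is read from the exported variable P12_PASS.
make_p12() {  # usage: make_p12 key.pem cert.pem mycert.p12
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -name mycert \
          -out "$3" -passout env:P12_PASS )
}

# Confirm the bundle decrypts and show the subject of the cert inside it,
# without writing the private key back out.
p12_subject() {  # usage: p12_subject mycert.p12
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts |
        openssl x509 -noout -subject
}

# Typical sequence:
#   pvk_to_pem mycert.pvk key.pem && cer_to_pem mycert.cer cert.pem
#   export P12_PASS='...'; make_p12 key.pem cert.pem mycert.p12
#   p12_subject mycert.p12
# The resulting file can then go into an NSS database with:
#   pk12util -i mycert.p12 -d <cert database directory>
# Delete key.pem once the PKCS#12 file has been verified.
```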
