.Cab Signing problem

[Guest]

Hi Guys,

This should be something simple or not possible at all, I have a ‘.pvk’ file
and I want to generate a corresponding .spc file, I have followed the
instructions on http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx but
failed to generate an adequate cet/spc file, following are the steps I follow.

1.I have received a valid .pvk from some formal issuer
2.I have used makecert –sk <%mycert.PVK%> <%resulting new .CER file name%>
3.cer2spc <%.CER file name%> <%resulting .SPC file name%>
4.Failed to use SIGNCODE.EXE to sign a .cab file with the received PVK file
and the generated SPC file, signcode.exe prompts the certificate is invalid
while writing the password.
5.Browsing the .CER file generated by makesert.exe I can see that this is a
‘demo’ certificate ( it expire on 2040 and it doesn’t include out authority )

How can I generate a valid SPC file ?
Is it possible to generate SPC files from a PVK file ?

Any help would be appreciated.

 

[Michael Phillips, Jr.]

I use openssl. You can create your own demo certificate and certificate of
authority or use a valid certificate and certificate of authority from
Verisign, Thawte, etc.

It assumes that you have previously generated or have a valid certificate
with certificate of authority that you will use will to create a .pfx
formatted certificate container.

Here is how I do it:
openssl pkcs12 -in certs\pfxfile.pfx -nocerts -nodes -out pvkspc\keyfile.key
pvk -in pvkspc\keyfile.key -topvk -out pvkspc\outpvkfile.pvk
openssl pkcs12 -in certs\pfxfile.pfx -nokeys -out pvkspc\outpemfile.pem
openssl crl2pkcs7 -nocrl -certfile pvkspc\outpemfile.pem -outform DER -out
pvkspc\outspcfile.spc

Now sign the code:
signcode -spc outspcfile.spc -v pvkspc\outpvkfile.pvk -t
http://timestamp.verisign.com/scripts/timstamp.dll codetobesignedfile

Since you already have a .pvk file, you only need to create the .spc file
from your certificate in .pem format.