{"id":319,"date":"2016-01-19T14:32:41","date_gmt":"2016-01-19T14:32:41","guid":{"rendered":"http:\/\/www.pkipartner.support\/?page_id=319"},"modified":"2016-01-21T14:26:01","modified_gmt":"2016-01-21T14:26:01","slug":"codesign-converting-a-pfx-file-to-spc-and-pvk-files","status":"publish","type":"page","link":"https:\/\/pkipartner.com\/support\/codesign-converting-a-pfx-file-to-spc-and-pvk-files\/","title":{"rendered":"Codesign &#8211; Converting a PFX file to SPC and PVK files"},"content":{"rendered":"<h1>Converting a PFX file to SPC and PVK files<\/h1>\n<p>Export Certificate with Private Key.<\/p>\n<p>Use the export wizard with the following options:<\/p>\n<p style=\"padding-left: 30px;\">1. Export Private Key (Yes)<br \/>\n2. DO NOT TICK include all certificates in the certification path if possible<br \/>\n3. TICK enable strong protection<br \/>\n4. DO NOT TICK delete private key<\/p>\n<p>Prerequisite: OpenSSL 0.9.8 or better. OpenSSL 1.x preferred.<\/p>\n<p><strong>Note:<\/strong> If you are running Windows you may download OpenSSL here. Otherwise, you can find compiled binaries<br \/>\ndirectly from the OpenSSL Website or consult your Operating System&#8217;s package management feature.<\/p>\n<p><strong>Private Key (PVK)<\/strong><\/p>\n<p style=\"padding-left: 30px;\">1. Extract your Private Key from the PFX\/P12 file to PEM format.<\/p>\n<p style=\"padding-left: 60px;\">openssl pkcs12 -in PFX_FILE -nocerts -nodes -out PEM_KEY_FILE<\/p>\n<p style=\"padding-left: 60px;\"><strong>Note:<\/strong> The PFX\/P12 password will be asked. This is the password you gave the file upon exporting it.<\/p>\n<p style=\"padding-left: 30px;\">2. Convert PEM Private Key to PVK format.<\/p>\n<p style=\"padding-left: 60px;\"><strong>OpenSSL 0.9.8 series:<\/strong><br \/>\npvk -in PEM_KEY_FILE -topvk -out PVK_FILE<\/p>\n<p style=\"padding-left: 60px;\"><strong>OpenSSL 1.x series:<\/strong><br \/>\nopenssl rsa -in PEM_KEY_FILE -outform PVK -pvk-strong -out PVK_FILE<\/p>\n<p style=\"padding-left: 30px;\"><strong>Note #1:<\/strong> In order to use pvk for OpenSSL 0.9.8 series, you must download PVK Transform.<\/p>\n<p style=\"padding-left: 30px;\">\n<strong>Note #2:<\/strong> A PEM passphrase may be asked. This will be the password\/passphrase that you will use to sign<br \/>\nyour code.<\/p>\n<p style=\"padding-left: 30px;\"><strong>Software Publisher&#8217;s Certificate (SPC)<\/strong><\/p>\n<p style=\"padding-left: 60px;\">1. Extract Certificate from P12\/PFX file.<\/p>\n<p style=\"padding-left: 90px;\">openssl pkcs12 -in PFX_FILE -nokeys -out CERT_PEM_FILE<\/p>\n<p style=\"padding-left: 60px;\">2. Convert Certificate to SPC format.<\/p>\n<p style=\"padding-left: 90px;\">openssl crl2pkcs7 -nocrl -certfile CERT_PEM_FILE -outform DER -out SPC_FILE<\/p>\n<p style=\"padding-left: 30px;\"><strong>Note:<\/strong> If you have exported your certificate from another browser outside of IE, then please ensure in the<br \/>\nCERT_PEM_FILE that ONLY your certificate exists or else code signing will NOT WORK!<\/p>\n<p style=\"padding-left: 30px;\">\n<strong>Example Conversion<\/strong><\/p>\n<p style=\"padding-left: 30px;\"><strong>PVK<\/strong><br \/>\nopenssl pkcs12 -in my_pfx_file.pfx -nocerts -nodes -out rsa.pem<br \/>\nopenssl rsa -in rsa.pem -outform PVK -pvk-strong -out mykey.pvk<\/p>\n<p style=\"padding-left: 30px;\"><strong>SPC<\/strong><br \/>\nopenssl pkcs12 -in my_pfx_file.pfx -nokeys -nodes -out cert.pem<br \/>\nopenssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Converting a PFX file to SPC and PVK files Export Certificate with Private Key. Use the export wizard with the following options: 1. Export Private Key (Yes) 2. DO NOT TICK include all certificates in the certification path if possible 3. TICK enable strong protection 4. DO NOT TICK delete\u2026<\/p>\n<p> <a class=\"continue-reading-link\" href=\"https:\/\/pkipartner.com\/support\/codesign-converting-a-pfx-file-to-spc-and-pvk-files\/\"><span>Continue reading<\/span><i class=\"crycon-right-dir\"><\/i><\/a> <\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/319"}],"collection":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/comments?post=319"}],"version-history":[{"count":3,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/319\/revisions"}],"predecessor-version":[{"id":546,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/319\/revisions\/546"}],"wp:attachment":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/media?parent=319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}