security newsgroups
signcode vs signtoolsigncode -spc myCert.cer -v MyKey.pvk file.cab Now I'm trying to move to using signtool rather than signcode. But signtool doesn't have a command line parameter to provide the private key. You must supply a private key container name. If all I have is a .cer and a .pvk how do I transition to using signtool? I found a utility for VBA called pvkimprt that will import the certificate and private key but I'm not sure if this will meet my needs as they install the personal store of the user that runs the tool. I need the private key container to be available from a web application that runs without any user being logged on to the machine. Any ideas? Thanks...Scott Once the key is in the personal store, you can export it to a PFX file that
includes the private key. Pvkimprt.exe also has a -PFX option that allows direct creation of a PFX file rather than import into the user's personal store. Show quoteHide quote "Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:defq69$frk$1@e250.ripco.com... >I have been using signcode as follows: > > signcode -spc myCert.cer -v MyKey.pvk file.cab > > Now I'm trying to move to using signtool rather than signcode. > But signtool doesn't have a command line parameter to provide > the private key. You must supply a private key container name. > > If all I have is a .cer and a .pvk how do I transition to using > signtool? > > I found a utility for VBA called pvkimprt that will import the > certificate and private key but I'm not sure if this will meet > my needs as they install the personal store of the user that > runs the tool. I need the private key container to be available > from a web application that runs without any user being logged > on to the machine. > > Any ideas? > > Thanks...Scott > My goal is to somehow get the .pvk into a key container in the
system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE rather than keeping the .pvk on disk and using the "-v" option). I ran PVKIMPORT to import the cert into the system. The cert shows up in the "Personal" store for the current user. I am unsure if this will work for me as SIGNTOOL will be launched from an ASP.NET page and there may be no user logged on to the machine. I suspect that I can override the default cert store on import and force it into a System store (rather than a Current User store), but that's the least of my worries. How the heck do I determine the private key container name once a certificate has been imported? I need the string that I would pass into the "-k" option of SIGNTOOL. Help!! Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >Once the key is in the personal store, you can export it to a PFX file that >includes the private key. Pvkimprt.exe also has a -PFX option that allows >direct creation of a PFX file rather than import into the user's personal >store. >"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >news:defq69$frk$1@e250.ripco.com... >>I have been using signcode as follows: >> >> signcode -spc myCert.cer -v MyKey.pvk file.cab >> >> Now I'm trying to move to using signtool rather than signcode. >> But signtool doesn't have a command line parameter to provide >> the private key. You must supply a private key container name. >> >> If all I have is a .cer and a .pvk how do I transition to using >> signtool? >> >> I found a utility for VBA called pvkimprt that will import the >> certificate and private key but I'm not sure if this will meet >> my needs as they install the personal store of the user that >> runs the tool. I need the private key container to be available >> from a web application that runs without any user being logged >> on to the machine. >> >> Any ideas? >> >> Thanks...Scott >> If you export both the cert and private key to a single PFX file, you'll be
able to use signtool without specifying a separate key at all. Here are some steps for a simplest-case configuration: 1. Run pvkimport to create a PFX file from your SPC and PVK files. From an appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" (with paths adjusted as necessary). Don't specify a password. Save to a file named YourCert.pfx in a known location. 2. When you're ready to sign an assembly, run signtool to sign with the data from the PFX file created in step 1. From an appropriate command line, run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted as necessary). If you want to password-protect your PFX file at step 1, you can specify the password using the /p command line switch when calling signtool. Show quoteHide quote "Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:del4s6$2bd$1@e250.ripco.com... > My goal is to somehow get the .pvk into a key container in the > system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE > rather than keeping the .pvk on disk and using the "-v" option). > > I ran PVKIMPORT to import the cert into the system. The cert > shows up in the "Personal" store for the current user. I am > unsure if this will work for me as SIGNTOOL will be launched > from an ASP.NET page and there may be no user logged on to the > machine. I suspect that I can override the default cert store > on import and force it into a System store (rather than a > Current User store), but that's the least of my worries. > > How the heck do I determine the private key container name > once a certificate has been imported? I need the string that > I would pass into the "-k" option of SIGNTOOL. > > Help!! > > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: > >>Once the key is in the personal store, you can export it to a PFX file >>that >>includes the private key. 
Pvkimprt.exe also has a -PFX option that allows >>direct creation of a PFX file rather than import into the user's personal >>store. > > > >>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>news:defq69$frk$1@e250.ripco.com... >>>I have been using signcode as follows: >>> >>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>> >>> Now I'm trying to move to using signtool rather than signcode. >>> But signtool doesn't have a command line parameter to provide >>> the private key. You must supply a private key container name. >>> >>> If all I have is a .cer and a .pvk how do I transition to using >>> signtool? >>> >>> I found a utility for VBA called pvkimprt that will import the >>> certificate and private key but I'm not sure if this will meet >>> my needs as they install the personal store of the user that >>> runs the tool. I need the private key container to be available >>> from a web application that runs without any user being logged >>> on to the machine. >>> >>> Any ideas? >>> >>> Thanks...Scott >>> > > Thanks. I'm sure that would work.
But let's just say that I MUST get the private key into a key container and use the -k option (custom signing tool that won't take -v or -f arguments, only -k). Any ideas how I would accomplish that? Scott Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >If you export both the cert and private key to a single PFX file, you'll be >able to use signtool without specifying a separate key at all. Here are >some steps for a simplest-case configuration: >1. Run pvkimport to create a PFX file from your SPC and PVK files. From an >appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" >(with paths adjusted as necessary). Don't specify a password. Save to a >file named YourCert.pfx in a known location. >2. When you're ready to sign an assembly, run signtool to sign with the >data from the PFX file created in step 1. From an appropriate command line, >run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted as >necessary). >If you want to password-protect your PFX file at step 1, you can specify the >password using the /p command line switch when calling signtool. >"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >news:del4s6$2bd$1@e250.ripco.com... >> My goal is to somehow get the .pvk into a key container in the >> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE >> rather than keeping the .pvk on disk and using the "-v" option). >> >> I ran PVKIMPORT to import the cert into the system. The cert >> shows up in the "Personal" store for the current user. I am >> unsure if this will work for me as SIGNTOOL will be launched >> from an ASP.NET page and there may be no user logged on to the >> machine. I suspect that I can override the default cert store >> on import and force it into a System store (rather than a >> Current User store), but that's the least of my worries. >> >> How the heck do I determine the private key container name >> once a certificate has been imported? 
I need the string that >> I would pass into the "-k" option of SIGNTOOL. >> >> Help!! >> >> >> >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >> >>>Once the key is in the personal store, you can export it to a PFX file >>>that >>>includes the private key. Pvkimprt.exe also has a -PFX option that allows >>>direct creation of a PFX file rather than import into the user's personal >>>store. >> >> >> >>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>news:defq69$frk$1@e250.ripco.com... >>>>I have been using signcode as follows: >>>> >>>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>>> >>>> Now I'm trying to move to using signtool rather than signcode. >>>> But signtool doesn't have a command line parameter to provide >>>> the private key. You must supply a private key container name. >>>> >>>> If all I have is a .cer and a .pvk how do I transition to using >>>> signtool? >>>> >>>> I found a utility for VBA called pvkimprt that will import the >>>> certificate and private key but I'm not sure if this will meet >>>> my needs as they install the personal store of the user that >>>> runs the tool. I need the private key container to be available >>>> from a web application that runs without any user being logged >>>> on to the machine. >>>> >>>> Any ideas? >>>> >>>> Thanks...Scott >>>> >> >> I think the responder indicated that you can use pvmimport to generate a pfx
file. You can THEN import from that pfx file into ANY keystore (e.g. a Machine store) and that will meet your requirements .. i..e. no promting as is required for a server-side process. - Mitch Gallant MVP Security www.jensign.com Show quoteHide quote "Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:devm8h$5hl$1@e250.ripco.com... > Thanks. I'm sure that would work. > > But let's just say that I MUST get the private key into a key > container and use the -k option (custom signing tool that won't > take -v or -f arguments, only -k). Any ideas how I would > accomplish that? > > Scott > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: > >>If you export both the cert and private key to a single PFX file, you'll be >>able to use signtool without specifying a separate key at all. Here are >>some steps for a simplest-case configuration: > >>1. Run pvkimport to create a PFX file from your SPC and PVK files. From an >>appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" >>(with paths adjusted as necessary). Don't specify a password. Save to a >>file named YourCert.pfx in a known location. > >>2. When you're ready to sign an assembly, run signtool to sign with the >>data from the PFX file created in step 1. From an appropriate command line, >>run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted as >>necessary). > >>If you want to password-protect your PFX file at step 1, you can specify the >>password using the /p command line switch when calling signtool. > > > > >>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>news:del4s6$2bd$1@e250.ripco.com... >>> My goal is to somehow get the .pvk into a key container in the >>> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE >>> rather than keeping the .pvk on disk and using the "-v" option). >>> >>> I ran PVKIMPORT to import the cert into the system. The cert >>> shows up in the "Personal" store for the current user. 
I am >>> unsure if this will work for me as SIGNTOOL will be launched >>> from an ASP.NET page and there may be no user logged on to the >>> machine. I suspect that I can override the default cert store >>> on import and force it into a System store (rather than a >>> Current User store), but that's the least of my worries. >>> >>> How the heck do I determine the private key container name >>> once a certificate has been imported? I need the string that >>> I would pass into the "-k" option of SIGNTOOL. >>> >>> Help!! >>> >>> >>> >>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >>> >>>>Once the key is in the personal store, you can export it to a PFX file >>>>that >>>>includes the private key. Pvkimprt.exe also has a -PFX option that allows >>>>direct creation of a PFX file rather than import into the user's personal >>>>store. >>> >>> >>> >>>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>>news:defq69$frk$1@e250.ripco.com... >>>>>I have been using signcode as follows: >>>>> >>>>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>>>> >>>>> Now I'm trying to move to using signtool rather than signcode. >>>>> But signtool doesn't have a command line parameter to provide >>>>> the private key. You must supply a private key container name. >>>>> >>>>> If all I have is a .cer and a .pvk how do I transition to using >>>>> signtool? >>>>> >>>>> I found a utility for VBA called pvkimprt that will import the >>>>> certificate and private key but I'm not sure if this will meet >>>>> my needs as they install the personal store of the user that >>>>> runs the tool. I need the private key container to be available >>>>> from a web application that runs without any user being logged >>>>> on to the machine. >>>>> >>>>> Any ideas? >>>>> >>>>> Thanks...Scott >>>>> >>> >>> > > If you've imported the certificate into a user or machine certificate store,
you can run certmgr.exe to determine the CSP and container names for the keys. For example, if you imported the certificate into the store for the machine account, you could use the following command line to view the details of the certificates in that store: certmgr -s -r localMachine my Somewhere in the output listing for your certificate, you should see a line something like the following: Provider Type:: 1 Provider Name:: Microsoft Strong Cryptographic Provider Flags: 0x20 Container: {<some GUID>} KeySpec: 2 This will give you the name of the provider ("Microsoft Strong Cryptographic Provider" in the sample above) and the name of the key container ("{<some GUID>}" in the sample above). Show quoteHide quote "Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:devm8h$5hl$1@e250.ripco.com... > Thanks. I'm sure that would work. > > But let's just say that I MUST get the private key into a key > container and use the -k option (custom signing tool that won't > take -v or -f arguments, only -k). Any ideas how I would > accomplish that? > > Scott > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: > >>If you export both the cert and private key to a single PFX file, you'll >>be >>able to use signtool without specifying a separate key at all. Here are >>some steps for a simplest-case configuration: > >>1. Run pvkimport to create a PFX file from your SPC and PVK files. From >>an >>appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" >>(with paths adjusted as necessary). Don't specify a password. Save to a >>file named YourCert.pfx in a known location. > >>2. When you're ready to sign an assembly, run signtool to sign with the >>data from the PFX file created in step 1. From an appropriate command >>line, >>run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted >>as >>necessary). 
> >>If you want to password-protect your PFX file at step 1, you can specify >>the >>password using the /p command line switch when calling signtool. > > > > >>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>news:del4s6$2bd$1@e250.ripco.com... >>> My goal is to somehow get the .pvk into a key container in the >>> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE >>> rather than keeping the .pvk on disk and using the "-v" option). >>> >>> I ran PVKIMPORT to import the cert into the system. The cert >>> shows up in the "Personal" store for the current user. I am >>> unsure if this will work for me as SIGNTOOL will be launched >>> from an ASP.NET page and there may be no user logged on to the >>> machine. I suspect that I can override the default cert store >>> on import and force it into a System store (rather than a >>> Current User store), but that's the least of my worries. >>> >>> How the heck do I determine the private key container name >>> once a certificate has been imported? I need the string that >>> I would pass into the "-k" option of SIGNTOOL. >>> >>> Help!! >>> >>> >>> >>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >>> >>>>Once the key is in the personal store, you can export it to a PFX file >>>>that >>>>includes the private key. Pvkimprt.exe also has a -PFX option that >>>>allows >>>>direct creation of a PFX file rather than import into the user's >>>>personal >>>>store. >>> >>> >>> >>>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>>news:defq69$frk$1@e250.ripco.com... >>>>>I have been using signcode as follows: >>>>> >>>>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>>>> >>>>> Now I'm trying to move to using signtool rather than signcode. >>>>> But signtool doesn't have a command line parameter to provide >>>>> the private key. You must supply a private key container name. >>>>> >>>>> If all I have is a .cer and a .pvk how do I transition to using >>>>> signtool? 
>>>>> >>>>> I found a utility for VBA called pvkimprt that will import the >>>>> certificate and private key but I'm not sure if this will meet >>>>> my needs as they install the personal store of the user that >>>>> runs the tool. I need the private key container to be available >>>>> from a web application that runs without any user being logged >>>>> on to the machine. >>>>> >>>>> Any ideas? >>>>> >>>>> Thanks...Scott >>>>> >>> >>> > > I appreciate your help, I really do. Hopefully you'll bear with me
long enough to get me through this ;-) When I run PVKIMPORT and let it choose the store automatically it goes into "Certificates - Current User | Personal | Certificates" If I run certmgr -s Personal it says "No Certificates". If I manually choose the store when I run PVKIMPORT, I choose "Show physical stores" and then select "Trusted Publishers | Local Computer" This puts the cert into "Certificates (Local Computer) | Trusted Publishers | Certificates" If I run certmgr -s -r localMachine TrustedPublishers it still says "No Certificates" What am I missing here??? Scott Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >If you've imported the certificate into a user or machine certificate store, >you can run certmgr.exe to determine the CSP and container names for the >keys. For example, if you imported the certificate into the store for the >machine account, you could use the following command line to view the >details of the certificates in that store: >certmgr -s -r localMachine my >Somewhere in the output listing for your certificate, you should see a line >something like the following: >Provider Type:: 1 Provider Name:: Microsoft Strong Cryptographic Provider >Flags: > 0x20 Container: {<some GUID>} KeySpec: 2 >This will give you the name of the provider ("Microsoft Strong Cryptographic >Provider" in the sample above) and the name of the key container ("{<some >GUID>}" in the sample above). >"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >news:devm8h$5hl$1@e250.ripco.com... >> Thanks. I'm sure that would work. >> >> But let's just say that I MUST get the private key into a key >> container and use the -k option (custom signing tool that won't >> take -v or -f arguments, only -k). Any ideas how I would >> accomplish that? 
>> >> Scott >> >> >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >> >>>If you export both the cert and private key to a single PFX file, you'll >>>be >>>able to use signtool without specifying a separate key at all. Here are >>>some steps for a simplest-case configuration: >> >>>1. Run pvkimport to create a PFX file from your SPC and PVK files. From >>>an >>>appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" >>>(with paths adjusted as necessary). Don't specify a password. Save to a >>>file named YourCert.pfx in a known location. >> >>>2. When you're ready to sign an assembly, run signtool to sign with the >>>data from the PFX file created in step 1. From an appropriate command >>>line, >>>run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted >>>as >>>necessary). >> >>>If you want to password-protect your PFX file at step 1, you can specify >>>the >>>password using the /p command line switch when calling signtool. >> >> >> >> >>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>news:del4s6$2bd$1@e250.ripco.com... >>>> My goal is to somehow get the .pvk into a key container in the >>>> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE >>>> rather than keeping the .pvk on disk and using the "-v" option). >>>> >>>> I ran PVKIMPORT to import the cert into the system. The cert >>>> shows up in the "Personal" store for the current user. I am >>>> unsure if this will work for me as SIGNTOOL will be launched >>>> from an ASP.NET page and there may be no user logged on to the >>>> machine. I suspect that I can override the default cert store >>>> on import and force it into a System store (rather than a >>>> Current User store), but that's the least of my worries. >>>> >>>> How the heck do I determine the private key container name >>>> once a certificate has been imported? I need the string that >>>> I would pass into the "-k" option of SIGNTOOL. >>>> >>>> Help!! 
>>>> >>>> >>>> >>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >>>> >>>>>Once the key is in the personal store, you can export it to a PFX file >>>>>that >>>>>includes the private key. Pvkimprt.exe also has a -PFX option that >>>>>allows >>>>>direct creation of a PFX file rather than import into the user's >>>>>personal >>>>>store. >>>> >>>> >>>> >>>>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>>>news:defq69$frk$1@e250.ripco.com... >>>>>>I have been using signcode as follows: >>>>>> >>>>>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>>>>> >>>>>> Now I'm trying to move to using signtool rather than signcode. >>>>>> But signtool doesn't have a command line parameter to provide >>>>>> the private key. You must supply a private key container name. >>>>>> >>>>>> If all I have is a .cer and a .pvk how do I transition to using >>>>>> signtool? >>>>>> >>>>>> I found a utility for VBA called pvkimprt that will import the >>>>>> certificate and private key but I'm not sure if this will meet >>>>>> my needs as they install the personal store of the user that >>>>>> runs the tool. I need the private key container to be available >>>>>> from a web application that runs without any user being logged >>>>>> on to the machine. >>>>>> >>>>>> Any ideas? >>>>>> >>>>>> Thanks...Scott >>>>>> >>>> >>>> >> >> "Scott Zabolotzky" <zabol***@ripco.com> wrote in message The actual store names do not correspond to the tab labels in the certmgr news:df23l2$5t$3@e250.ripco.com... >I appreciate your help, I really do. Hopefully you'll bear with me > long enough to get me through this ;-) > > When I run PVKIMPORT and let it choose the store automatically > it goes into > "Certificates - Current User | Personal | Certificates" > > If I run > > certmgr -s Personal UI. For the certificates that show up on the "Personal" tab, use the "MY" store name. e.g.: certmgr -s MY > it says "No Certificates". 
That's the store for certificates that your machine will trust to run code > > If I manually choose the store when I run PVKIMPORT, I choose > "Show physical stores" and then select > "Trusted Publishers | Local Computer" > > This puts the cert into > "Certificates (Local Computer) | Trusted Publishers | Certificates" without warning the user (e.g.: for an Office macro). This isn't the appropriate primary location for your own signing certificates (although you might have reason for adding a public key only copy to this location if you actually want to run certain types of code signed with this key). > Again, wrong name. In this case, it's "TrustedPublisher" (no "s" at the > If I run > > certmgr -s -r localMachine TrustedPublishers > > it still says "No Certificates" end). I don't know of any built-in utilities for listing the store names for the current machine, but Michael Willers has published source code for a small C# console app that lists all the stores at http://staff.newtelligence.net/michaelw/PermaLink.aspx?guid=94346323-4829-41fb-ae7d-d8ef921d912d. Show quoteHide quote > > > What am I missing here??? > > Scott > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: > >>If you've imported the certificate into a user or machine certificate >>store, >>you can run certmgr.exe to determine the CSP and container names for the >>keys. 
For example, if you imported the certificate into the store for the >>machine account, you could use the following command line to view the >>details of the certificates in that store: > >>certmgr -s -r localMachine my > >>Somewhere in the output listing for your certificate, you should see a >>line >>something like the following: > >>Provider Type:: 1 Provider Name:: Microsoft Strong Cryptographic Provider >>Flags: >> 0x20 Container: {<some GUID>} KeySpec: 2 > >>This will give you the name of the provider ("Microsoft Strong >>Cryptographic >>Provider" in the sample above) and the name of the key container ("{<some >>GUID>}" in the sample above). > > > > >>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>news:devm8h$5hl$1@e250.ripco.com... >>> Thanks. I'm sure that would work. >>> >>> But let's just say that I MUST get the private key into a key >>> container and use the -k option (custom signing tool that won't >>> take -v or -f arguments, only -k). Any ideas how I would >>> accomplish that? >>> >>> Scott >>> >>> >>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >>> >>>>If you export both the cert and private key to a single PFX file, you'll >>>>be >>>>able to use signtool without specifying a separate key at all. Here are >>>>some steps for a simplest-case configuration: >>> >>>>1. Run pvkimport to create a PFX file from your SPC and PVK files. >>>>From >>>>an >>>>appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk" >>>>(with paths adjusted as necessary). Don't specify a password. Save to >>>>a >>>>file named YourCert.pfx in a known location. >>> >>>>2. When you're ready to sign an assembly, run signtool to sign with the >>>>data from the PFX file created in step 1. From an appropriate command >>>>line, >>>>run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths >>>>adjusted >>>>as >>>>necessary). 
>>> >>>>If you want to password-protect your PFX file at step 1, you can specify >>>>the >>>>password using the /p command line switch when calling signtool. >>> >>> >>> >>> >>>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>>news:del4s6$2bd$1@e250.ripco.com... >>>>> My goal is to somehow get the .pvk into a key container in the >>>>> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE >>>>> rather than keeping the .pvk on disk and using the "-v" option). >>>>> >>>>> I ran PVKIMPORT to import the cert into the system. The cert >>>>> shows up in the "Personal" store for the current user. I am >>>>> unsure if this will work for me as SIGNTOOL will be launched >>>>> from an ASP.NET page and there may be no user logged on to the >>>>> machine. I suspect that I can override the default cert store >>>>> on import and force it into a System store (rather than a >>>>> Current User store), but that's the least of my worries. >>>>> >>>>> How the heck do I determine the private key container name >>>>> once a certificate has been imported? I need the string that >>>>> I would pass into the "-k" option of SIGNTOOL. >>>>> >>>>> Help!! >>>>> >>>>> >>>>> >>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes: >>>>> >>>>>>Once the key is in the personal store, you can export it to a PFX file >>>>>>that >>>>>>includes the private key. Pvkimprt.exe also has a -PFX option that >>>>>>allows >>>>>>direct creation of a PFX file rather than import into the user's >>>>>>personal >>>>>>store. >>>>> >>>>> >>>>> >>>>>>"Scott Zabolotzky" <zabol***@ripco.com> wrote in message >>>>>>news:defq69$frk$1@e250.ripco.com... >>>>>>>I have been using signcode as follows: >>>>>>> >>>>>>> signcode -spc myCert.cer -v MyKey.pvk file.cab >>>>>>> >>>>>>> Now I'm trying to move to using signtool rather than signcode. >>>>>>> But signtool doesn't have a command line parameter to provide >>>>>>> the private key. You must supply a private key container name. 
>>>>>>> >>>>>>> If all I have is a .cer and a .pvk how do I transition to using >>>>>>> signtool? >>>>>>> >>>>>>> I found a utility for VBA called pvkimprt that will import the >>>>>>> certificate and private key but I'm not sure if this will meet >>>>>>> my needs as they install the personal store of the user that >>>>>>> runs the tool. I need the private key container to be available >>>>>>> from a web application that runs without any user being logged >>>>>>> on to the machine. >>>>>>> >>>>>>> Any ideas? >>>>>>> >>>>>>> Thanks...Scott >>>>>>> >>>>> >>>>> >>> >>> > > Here's a utility to list all CrypoAPI store names (as enumerated via the registry) for either
the CU or LM stores . It also lists all keycontainer names for certs containing associated private keys, as well as orphaned keypairs: http://www.jensign.com/JavaScience/KeyContainerTool The store names you see in the certs user tabs (Personal etc..) are localized names corresonding to the capi fixed names (MY etc.). The localized names can be obtained via capi: CertGetStoreProperty(CERT_STORE_LOCALIZED_NAME_PROP_ID). - Mitch Gallant MVP Security Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:Og9dO6YrFHA.3216@TK2MSFTNGP12.phx.gbl... > "Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:df23l2$5t$3@e250.ripco.com... >>I appreciate your help, I really do. Hopefully you'll bear with me >> long enough to get me through this ;-) >> >> When I run PVKIMPORT and let it choose the store automatically >> it goes into >> "Certificates - Current User | Personal | Certificates" >> >> If I run >> >> certmgr -s Personal > > The actual store names do not correspond to the tab labels in the certmgr UI. For the certificates that show up on the "Personal" > tab, use the "MY" store name. e.g.: > > certmgr -s MY > > >> it says "No Certificates". >> >> If I manually choose the store when I run PVKIMPORT, I choose >> "Show physical stores" and then select >> "Trusted Publishers | Local Computer" >> >> This puts the cert into >> "Certificates (Local Computer) | Trusted Publishers | Certificates" > > That's the store for certificates that your machine will trust to run code without warning the user (e.g.: for an Office macro). > This isn't the appropriate primary location for your own signing certificates (although you might have reason for adding a public > key only copy to this location if you actually want to run certain types of code signed with this key). > >> >> If I run >> >> certmgr -s -r localMachine TrustedPublishers >> >> it still says "No Certificates" > > Again, wrong name. 
> In this case, it's "TrustedPublisher" (no "s" at the end). I don't know of any built-in utilities for listing
> the store names for the current machine, but Michael Willers has published source code for a small C# console app that lists all
> the stores at http://staff.newtelligence.net/michaelw/PermaLink.aspx?guid=94346323-4829-41fb-ae7d-d8ef921d912d.
>
>> What am I missing here???
>>
>> Scott
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes:
>>
>>> If you've imported the certificate into a user or machine certificate store,
>>> you can run certmgr.exe to determine the CSP and container names for the
>>> keys. For example, if you imported the certificate into the store for the
>>> machine account, you could use the following command line to view the
>>> details of the certificates in that store:
>>>
>>> certmgr -s -r localMachine my
>>>
>>> Somewhere in the output listing for your certificate, you should see a line
>>> something like the following:
>>>
>>> Provider Type:: 1 Provider Name:: Microsoft Strong Cryptographic Provider
>>> Flags: 0x20 Container: {<some GUID>} KeySpec: 2
>>>
>>> This will give you the name of the provider ("Microsoft Strong Cryptographic
>>> Provider" in the sample above) and the name of the key container ("{<some
>>> GUID>}" in the sample above).
>>>
>>> "Scott Zabolotzky" <zabol***@ripco.com> wrote in message
>>> news:devm8h$5hl$1@e250.ripco.com...
>>>> Thanks. I'm sure that would work.
>>>>
>>>> But let's just say that I MUST get the private key into a key
>>>> container and use the -k option (custom signing tool that won't
>>>> take -v or -f arguments, only -k). Any ideas how I would
>>>> accomplish that?
>>>>
>>>> Scott
>>>>
>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> writes:
>>>>
>>>>> If you export both the cert and private key to a single PFX file, you'll
>>>>> be able to use signtool without specifying a separate key at all.
>>>>> Here are some steps for a simplest-case configuration:
>>>>>
>>>>> 1. Run pvkimport to create a PFX file from your SPC and PVK files. From an
>>>>> appropriate command line, run "pvkimport -PFX YourCert.spc YourKey.pvk"
>>>>> (with paths adjusted as necessary). Don't specify a password. Save to a
>>>>> file named YourCert.pfx in a known location.
>>>>>
>>>>> 2. When you're ready to sign an assembly, run signtool to sign with the
>>>>> data from the PFX file created in step 1. From an appropriate command line,
>>>>> run "signtool sign /f YourCert.pfx YourAssembly.dll" (with paths adjusted
>>>>> as necessary).
>>>>>
>>>>> If you want to password-protect your PFX file at step 1, you can specify the
>>>>> password using the /p command line switch when calling signtool.
>>>>>
>>>>> "Scott Zabolotzky" <zabol***@ripco.com> wrote in message
>>>>> news:del4s6$2bd$1@e250.ripco.com...
>>>>>> My goal is to somehow get the .pvk into a key container in the
>>>>>> system so that I can use the "-k" option of SIGNTOOL (or SIGNCODE
>>>>>> rather than keeping the .pvk on disk and using the "-v" option).
>>>>>>
>>>>>> I ran PVKIMPORT to import the cert into the system. The cert
>>>>>> shows up in the "Personal" store for the current user. I am
>>>>>> unsure if this will work for me as SIGNTOOL will be launched
>>>>>> from an ASP.NET page and there may be no user logged on to the
>>>>>> machine. I suspect that I can override the default cert store
>>>>>> on import and force it into a System store (rather than a
>>>>>> Current User store), but that's the least of my worries.
>>>>>>
>>>>>> How the heck do I determine the private key container name
>>>>>> once a certificate has been imported? I need the string that
>>>>>> I would pass into the "-k" option of SIGNTOOL.
>>>>>>
>>>>>> Help!!
Thank you! Thank you! Thank you! Thank you! Thank you! :-)
Although I couldn't get the tool on the URL to run (for some reason
the applet wouldn't init properly in IE) the author of that tool
had a sample VB script that does the same thing:

http://www.jensign.com/JavaScience/cryptoutils/PVKCertsWMI.txt

This printed out the GUID for the key container name and I can now
sign the CAB file using signcode with the /k parameter!!

Thanks again!

Scott

"Michel Gallant" <neut***@istar.ca> writes:
> Here's a utility to list all CryptoAPI store names (as enumerated via the registry) for either
> the CU or LM stores. It also lists all key container names for certs containing
> associated private keys, as well as orphaned keypairs:
> http://www.jensign.com/JavaScience/KeyContainerTool

Yes I forgot about that script PVKCertsWMI.vbs :)
I also forgot to mention that the KeyContainerTool utility uses a SIGNED Java applet to acquire permissions
(prompting the user) to read the registry to get the store names (identical to the VBScript below). I wrote it
at a time when almost everyone had the MS JVM installed by default, so it worked with no further downloads
required :). However, that applet implements registry reads (very easily) using Microsoft's own JVM which as
we know is being phased out now and is not recommended and won't be supported. So the reason it probably did
not run for you is that you have IE configured to point to another JVM (like the recommended Sun JVM). In fact,
you may not even have Microsoft's JVM installed on your OS (later XP systems or higher). However, the following
utility can show you if you have that JVM and can toggle back and forth quickly (from Sun to Microsoft's JVM):

http://www.jensign.com/JavaScience/SelectIEJVM

(implemented as an hta .. right-click to download and execute). Also, that KeyContainerTool requires CAPICOM 2.
to be installed and registered.

Cheers,
- Mitch Gallant
MVP Security
www.jensign.com

"Scott Zabolotzky" <zabol***@ripco.com> wrote in message news:df36fr$ejl$1@e250.ripco.com...
> Thank you! Thank you! Thank you! Thank you! Thank you! :-)
>
> Although I couldn't get the tool on the URL to run (for some reason
> the applet wouldn't init properly in IE) the author of that tool
> had a sample VB script that does the same thing:
>
> http://www.jensign.com/JavaScience/cryptoutils/PVKCertsWMI.txt
>
> This printed out the GUID for the key container name and I can now
> sign the CAB file using signcode with the /k parameter!!
>
> Thanks again!
>
> Scott
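The question that runs through the whole thread is how to recover the CSP provider name and the key container name (the {GUID} that certmgr prints after "Container:" and that PVKCertsWMI.vbs printed for Scott) once pvkimprt has put the key into a store. The following PowerShell script is an added example and is not part of the thread or of the jensign.com tools; it assumes Windows PowerShell 5.1 on the machine where the certificate was imported, uses the fixed CAPI store name "My" rather than the localized "Personal" label, and treats the signtool options /csp and /kc and the MyCert.cer file name from the first post as the way to hand those two strings to the signer. Two practical caveats for the unattended web-application case raised above: the key must live in the machine keyset (MachineKey below is $true), and the application pool identity needs read access to the key file under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, otherwise the container opens as "Keyset does not exist"; and a password-less PFX on disk, as in the simplest-case steps, is no better protected than the .pvk file the poster wanted to get rid of.

```powershell
# Added example (not from the thread): enumerate a CryptoAPI certificate store and, for
# every certificate that has a CAPI private key, report the CSP provider name and key
# container name that signcode -k / signtool /csp and /kc expect.
# Assumes Windows PowerShell 5.1 (.NET Framework) and a store name given by its fixed
# CAPI name ("My"), not the localized tab label ("Personal").

function Get-SigningKeyContainer {
    [CmdletBinding()]
    param(
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string]$Location = 'LocalMachine',
        [string]$StoreName = 'My'
    )

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $Location)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        foreach ($cert in $store.Certificates) {
            # Public-key-only copies (e.g. one dropped into TrustedPublisher) have no container.
            if (-not $cert.HasPrivateKey) { continue }

            $csp  = $null
            $note = ''
            try {
                # PrivateKey yields an RSACryptoServiceProvider only for CAPI keys. CNG keys throw
                # ("Invalid provider type specified"), and a machine key the calling account cannot
                # read throws "Keyset does not exist"; both end up in $note instead of a container.
                $csp = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
            } catch {
                $note = $_.Exception.Message
            }

            if ($csp) {
                $info = $csp.CspKeyContainerInfo
                [pscustomobject]@{
                    Subject      = $cert.Subject
                    Thumbprint   = $cert.Thumbprint
                    ProviderName = $info.ProviderName       # e.g. "Microsoft Strong Cryptographic Provider"
                    ProviderType = $info.ProviderType       # 1 = PROV_RSA_FULL, matches certmgr's "Provider Type"
                    Container    = $info.KeyContainerName   # the {GUID} certmgr prints after "Container:"
                    MachineKey   = $info.MachineKeyStore    # must be $true for an unattended service account
                    KeySpec      = [int]$info.KeyNumber     # 1 = AT_KEYEXCHANGE, 2 = AT_SIGNATURE
                    Note         = ''
                }
            } else {
                if (-not $note) { $note = 'Private key is not a CAPI RSA key (CNG?), so it has no container name' }
                [pscustomobject]@{
                    Subject      = $cert.Subject
                    Thumbprint   = $cert.Thumbprint
                    ProviderName = $null
                    ProviderType = $null
                    Container    = $null
                    MachineKey   = $null
                    KeySpec      = $null
                    Note         = $note
                }
            }
        }
    } finally {
        $store.Close()
    }
}

# Usage: list the machine-store keys, then build the signtool command line for the first
# certificate that actually exposes a CAPI container.
$keys = Get-SigningKeyContainer -Location LocalMachine
$keys | Format-List

$k = $keys | Where-Object { $_.Container } | Select-Object -First 1
if ($k) {
    # signtool counterpart of "signcode -k <container>": /csp and /kc name the provider and the
    # container, /f supplies the public certificate (MyCert.cer from the first post, assumed here).
    $cmd = 'signtool sign /v /csp "{0}" /kc "{1}" /f MyCert.cer file.cab' -f $k.ProviderName, $k.Container
    Write-Output $cmd
}
```

Run it under the same account the web application uses (for example with psexec or a scheduled task running as the application pool identity); if that run reports "Keyset does not exist" while an administrator's run shows the container, the problem is the key file ACL rather than the store or the container name.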