"Fortunate are those who take the first steps.” ― Paulo Coelho

How to use the same keyset for strongname signing as well as for manifest and/or Authenticode signing.

Strong name signing requires KeySpec=2 (AT_SIGNATURE). Similar issue was blogged for VS2005 and that still holds true for VS2010. The certificate has KeySpec=1 (AT_EXCHNAGE) and worked around by modifying the certificate to have KeySpeck=1. Steps below helps you to successfully sign the project

1. Using the “Certifiates” MMC export the existing keyset (KeySpec=1) to a PFX file.

2. Delete the existing certificate from the crypto store (using the MMC).

3. Open a CMD prompt.

4. import the PFX file using this command:certutil -importPFX -user <pfxfilename> AT_SIGNATURE

5. Enter the passphrase for the pfx when prompted.

6. You now should have a keyset/Cert with KeySpec=2. If needed you can now export this into another PFX file using the MMC again.

7. Use the new .pfx in the Visual Studio to sign the executable


April 30, 2014 - Posted by | Uncategorized | , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: