Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / January 2008

Tip: Looking for answers? Try searching our database.

Issuing Code-signing Certificate with Private Key

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
jwgoerlich@gmail.com - 27 Dec 2007 16:41 GMT
Hello group,

I am issuing a code-signing certificate from an Enterprise CA. I am
currently using the Certificate Services' web interface with the code-
signing template.

There does not seem to be an option to export the private key, though
I understand that is a requirement in Visual Studio 2005. When using
ClickOnce, Visual Studio reponds that "The selected file does not
contain a private key. You must choose a certificate that contains a
private key."

I have exported the key using the Certificates MMC. The Certificate
Authority is reporting that "the associated private key is marked as
not exportable."

What am I missing?

J Wolfgang Goerlich

Related Links:

ClickOnce Manifest Signing and Strong-Name Assembly Signing Using
Visual Studio Project Designer's Signing Page
http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx
Reply to this Message
Brian Komar - 27 Dec 2007 17:58 GMT
You need to create a v2 certificate template based on the default Code
Signing certificate that allows key export. Of course, your enterprise CA
must be running on Enterprise Edition to allow the issuance of the v2
certificate template.
A certificate based on the custom template will allow export as you require
Brian

> Hello group,
>
[quoted text clipped - 21 lines]
> Visual Studio Project Designer's Signing Page
> http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx
Reply to this Message
John Xie - 04 Jan 2008 16:26 GMT
Hi Brian,

I would like to know what the default code sign template used for? If we
can't use it to sign code.

Thanks.

> You need to create a v2 certificate template based on the default Code
> Signing certificate that allows key export. Of course, your enterprise CA
[quoted text clipped - 28 lines]
> > Visual Studio Project Designer's Signing Page
> > http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx 
Reply to this Message
Paul Adare - 04 Jan 2008 17:28 GMT
> Hi Brian,
>
> I would like to know what the default code sign template used for? If we
> can't use it to sign code.

Brian never said that you couldn't use a certificate based on the default
V1 template to sign code. All he said was that you couldn't modify the
template to allow private key export like the OP wanted to do.

>> You need to create a v2 certificate template based on the default Code
>> Signing certificate that allows key export. Of course, your enterprise CA
[quoted text clipped - 28 lines]
>>> Visual Studio Project Designer's Signing Page
>>> http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx 

Signature

Paul Adare
MVP - Virtual Machines
http://www.identit.ca
BPI: A 1960s term used to describe unmentionable parts of the anatomy, as
in
"you bet your bpi".

Reply to this Message
John Xie - 04 Jan 2008 19:02 GMT
Actually, I tried use the v1 template to sign my code. The result is that the
certificate doesn't appear in trusted software publisher store. it is in
personal folder store.

According the link (http://www.kinook.com/blog/?p=10), in order to sign a
code, we need to have the code signing certificate with private key
exportable, and it looks like that we are not able to do that with windows
server 2003 standard edtion.

Also, I would like to know what are this code signing will do? I can list
the following:
1. sign VBA code, so you don't need to change security setting to low to
let it work.
2. When you download the signned code, it will show you certificate in the
Security Warning window.
3. when you run the program, it will show your certificate in the security
warning window.

what else?

thanks.

John

> > Hi Brian,
> >
[quoted text clipped - 37 lines]
> >>> Visual Studio Project Designer's Signing Page
> >>> http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx 
Reply to this Message
Brian Komar - 05 Jan 2008 01:45 GMT
You can use it to sign code.
But, it disables private key export
You stated you want private key export, so you must create a v2 certificate
template to meet this requirement
Brian

> Hi Brian,
>
[quoted text clipped - 36 lines]
>> > Visual Studio Project Designer's Signing Page
>> > http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx
Reply to this Message
jwgoerlich@gmail.com - 04 Jan 2008 23:21 GMT
That is the ticket. Much obliged, Brian.

> You need to create a v2 certificate template based on the default Code
> Signing certificate that allows key export. Of course, your enterprise CA
[quoted text clipped - 34 lines]
>
> - Show quoted text -
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.