
pvk2pfx does not allow me to create a pfx file with an empty private key password


We created the certificate request and the private key with openssl as follows

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

We sent the CSR out and after verification, we got back the spc file. Now I want to sign my code with signtool. Apparently, I need to generate a pfx file combining the spc and the private key, so I invoke

pvk2pfx.exe -pvk file.pvk -spc file.spc -pfx cert.pfx

This program asks for a password, but we never set a password on the private key. We just pressed enter. If we try to press enter at the dialog, we get

ERROR: Password incorrect.
(Error Code = 0x80070056)

If we try any other text, we get

ERROR: Bad file format.
(Error Code = 0x8007000b)

I also tried using signtool and the wizard, which apparently accepts the spc and pvk separately. When I specify the private key (from disk, CSP: Microsoft strong cryptographic provider, provider type RSA Full) I get

The signing certificate and private key do not match 
or do not contain valid information.

Any suggestion?


Solution

  • The problem is that apparently the .key you get from openssl and the .pvk that signtool and pvk2pfx require are not the same thing. You have to convert the .key from the openssl output, using this pvk utility. It's simple to use and generates the pvk file that Microsoft tools want.
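
The conversion described above can also be done with OpenSSL itself. The following is an added example, not part of the original answer: it checks that the key and certificate belong together (the "do not match" error in the question) and then either builds the PFX directly or writes a password-less PVK. File names are placeholders, the SPC is assumed to be DER-encoded PKCS#7, and `PFX_PASS` is a hypothetical environment variable.

```shell
#!/bin/sh
# Added example. File names are placeholders; PFX_PASS is a hypothetical
# environment variable holding the password for the output PFX.

# Extract the certificates from an SPC file (assumed DER-encoded PKCS#7).
spc_to_pem() {
    openssl pkcs7 -inform DER -in "$1" -print_certs -out "$2"
}

# Succeed only if the private key's public half equals the public key of
# the first certificate in the PEM file. Returns 2 if either is unreadable.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Build the PFX straight from the OpenSSL key and the extracted certificates,
# skipping the PVK step. openssl exits non-zero if no certificate in the
# input matches the key.
make_pfx() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS
}

# Write the RSA key in Microsoft PVK format with no password, matching the
# unencrypted (-nodes) key from the question, for use with pvk2pfx.
key_to_pvk() {
    openssl rsa -in "$1" -outform PVK -pvk-none -out "$2"
}

# Typical sequence:
#   spc_to_pem file.spc certs.pem
#   key_matches_cert privateKey.key certs.pem && echo "key and cert match"
#   PFX_PASS=... make_pfx privateKey.key certs.pem cert.pfx
```

Because `key_matches_cert` only inspects the first certificate in the file, a chain whose leaf is not listed first can report a mismatch; `make_pfx` searches every certificate in the input.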