The Authenticode File action enables you to automate Authenticode signing of your executable files during your build.
This action requires your Authenticode Signing Certificate to be in a PFX file.
Many CAs provide certificates in two files: an SPC and a PVK. See below for details on converting these to a PFX file.
The Authenticode action also contains fields for "Description" and "Description URL". These fields contain the information which is shown when Windows prompts the user to confirm they want to run the executable (ie the first time a downloaded program is launched, or when a UAC confirmation dialog is shown.)
Creating a PFX File
To make the PFX, you need to use a Microsoft tool called PVKIMPRT. PVKIMPRT is included as part of the Windows Platform SDK, or can be obtained directly at http://office.microsoft.com/downloads/2000/pvkimprt.aspx.
Open a Command Prompt, switch to the directory that contains your certificate files and type:
pvkimprt -PFX mycert.spc mykey.pvk
(Replace the mycert and mykey file names where required).
You will be prompted to enter your private key password (if set.) A dialog will appear with the certificate export wizard. Make sure you select 'Yes, export the private key', and 'Include all certificates in the certification path if possible' options. You are then prompted to enter a password: this is the password you will use for code signing with the created PFX (it should be secure.) Finally, you will prompted for a location to save the new PFX file.
This action includes source code from StreamSec. Its license is reproduced here.
Copyright (c) 2004, Henrick Wibell Hellström, StreamSec
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of StreamSec nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.