Signing assemblies with strong name using pfx and visual studio

Question

So here is the problem: We have decided to buy a code signing certificate, we bought one from Godaddy which was in p12 format.

After researching I found out that p12 and pfx is the same thing with a different extension so I renamed it to pfx. I also got spc and p7c files but I don't have a clue what to do with them.

Anyway, I tried to add my certificate to my Visual Studio 2013 solution and here is what I get:

• First I get a password prompt and after I input the password I am getting an error saying

  "An attempt was made to reference a token that does not exist."
  

• On my second try to install the pfx I am getting no prompts or error messages at all but when I build I am getting the error

  "Cannot import the following key file: something.pfx 
  The key file may be password protected.
  To correct this, try to import the certificate again or 
  manually install the certificate to the Strong Name CSP with the following
  key container name: VS_KEY_33FA18307607ECFB"
  

• So I am doing that using

  sn -i something.pfx VS_KEY_33FA18307607ECFB
  

  which completes with no errors but when I try to build again I am getting the exact same error with the same container name.

  "Cannot import the following key file: something.pfx ....
  

I tried to use the signtool which is what Goddady support recommends as an alternative but although it signs the assembly it does not provide strongnaming which I need.

I also tried to extract the certificate from the pfx to an snk using

    sn -p something.pfx key.snk

and selected delayed signing but the project didn't build again with even more errors.

Rhetorical question: why is this so hard? So many people have problems with this.

Can someone please help?

Answer 1

I have just encountered the same issue and this article saved my bacon!

All I needed to do was recreate my Code Signing cert with KeySpec set to 2 (AT_SIGNATURE) and now VS (2013) imports and signs my assembly without error! :-D

I realize that this is a bit different to your scenario, but I hope this can help in some way ...

Answer 2

I own a Comodo (.p12) certificate and ran into the same issue and solved it based on @SmithPlatts answer and @Ares comment. Here is a detailed walkthrough for those who are not savvy (like me) with certificates:

1. Open Command Prompt with admin privileges.
2. Type command: certutil -importPFX "<certFilepath>\<certFilename>.p12" AT_SIGNATURE (AT_SIGNATURE is what makes this work instead of [Right-click .p12 file]-->'Install PFX')
3. Type a password of your choice.
4. Open mmc.exe with admin privileges, File-->Add/Remove Snap-in...
5. Add 'Certificates'
6. Choose 'Computer Account'
7. Under Console Root/Certificates (Local Computer)/Personal/Certificates locate your certificate installed by step 2.
8. Right click Cert/All Tasks/Export-->Next/Yes, export the private key
9. Go to 'Personal Information Exchange - PKCS #12 (.PFX)'
10. Uncheck 'Include all certificates...'. Important! If checked VS will produce this message: "Cannot find the certificate and private key for decryption" when signing.
11. Check 'Export all extended properties' (Optional).
12. You can check 'Delete the private key...' if you are not planning to re-export in the future.
13. Tick password and type the password of step 3.
14. Choose file path and file name for the exported (.pfx) certificate.
15. Use exported .pfx file to sign your assembly/project from VS.
16. Build project to make sure that pfx works properly.

Answer 3

I had this problem and fixed it by opening Visual Studio as an Administrator.

Answer 4

I solved this problem recreating the PFX using openssl with the -keysig option.

openssl pkcs12 -export -out "MyPfx.pfx" -keysig -inkey "MyKey.key" -in "MyCer.cer"

Answer 5

Was running into this issue as well as perhaps related issues people have alluded to.

Working in a corporate environment in a development department within a larger IT department, I don't have complete local admin permissions. As such when I run VS it doesn't run as local administrator.

Once I set up my shortcut to run VS 2013/2015, the issues I was seeing with singing an assembly...disappeared.

This too might save someone time, as well as from pulling out their hair from their roots.