PVK2PFX错误0x80070490-找不到与密钥匹配的证书 [英] PVK2PFX Error 0x80070490 - Cannot find certificates that match the key

问题描述

我们从Thawte获得了新的证书(* .cer)文件，我通过了我们的标准程序，允许它与代码签名一起使用.

We got our new certificate (*.cer) file from Thawte, and i went through our standard procedures to allow it for use with code signing.

如果我使用旧的(工作中的)证书:

If i use our old (working) certificate:

1. 将证书( .cer)转换为软件发布证书( .spc)

>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded

使用SPC将我们的私钥文件(* .pvk)合并为PFX:

Combine our private key file (*.pvk) with the SPC into a PFX:

>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f

提示输入私钥文件密码，输入密码，然后单击确定"

我们很乐意去；准备使用signtool.

And we're good to go; ready to use signtool.

我们现在拥有我们的新证书，我按照相同的步骤进行操作:

We now have our new certificate, and i follow the same procedure:

1. 将证书( .cer)转换为软件发布证书( .spc)

>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded

使用SPC将我们的私钥文件(* .pvk)合并为PFX:

Combine our private key file (*.pvk) with the SPC into a PFX:

>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f

提示输入私钥文件密码，输入密码，然后单击确定"

ERROR: Cannot find certificates that match the key.
(Error Code = 0x80070490).

怎么了?

注意:

• 我们使用相同的私钥文件(* .pvk)已有十年了
• 今年Thawte给了我们 2年证书；而不是通常的1年
• 今年Thawte将其签名证书从 Thawte Code Signing CA 更改为 Thawte Code Signing CA - G2
• Google说没人曾收到错误找不到与密钥匹配的证书.

• Windows SDK仅包含对错误代码0x80070490的两个引用:

• we've used the same private key file (*.pvk) for a decade
• this year Thawte gave us a 2-year certificate; rather than the usual 1-year
• this year Thawte changed their signing certificate from Thawte Code Signing CA to Thawte Code Signing CA - G2
• Google says that nobody has ever gotten the error Cannot find certificates to match the key.

• The Windows SDK only contains two references to the error code 0x80070490:

• Visual Foxpro Windows头文件(vfwmsgs.h):

//
// MessageId: E_PROP_ID_UNSUPPORTED
//
// MessageText:
//
// The specified property ID is not supported for the specified property set.%0
//
#define E_PROP_ID_UNSUPPORTED            ((HRESULT)0x80070490L)

几乎可以肯定这是一条红鲱鱼； Foxpro?

Which is almost certainly a red herring; Foxpro?

在RSS屏幕保护程序示例(RssItem.cs)中注释了代码

commented out code in the RSS screensaver sample (RssItem.cs)

// "Element not found. (Exception from HRESULT: 0x80070490)"

几乎也肯定是一条红鲱鱼； XML?

Also almost certainly a red-herring; XML?

推荐答案

事实证明，今年我们获得了一个新的私钥.

Turns out that this year we were given a new private key.

好吧，您不是给予私钥，证书+密钥是通过浏览器获取的，并存储在证书存储区中.从那里我们可以导出一个.PFX(一个pfx包含一个证书和一个私钥).

Well, you're not given a private key, the certificate+key is fetched through the browser and stored in a certificate store. From there we can export a .PFX (A pfx contains a certificate and a private key).

从浏览器的证书存储区导出此PFX后，我们可以直接使用它与signtool签署代码.

With this PFX exported from the browser's certificate store, we can use it directly to sign code with signtool.

注意:我们实际上是嘴，并经过了以下步骤:

Note: We were actually gluttons for punishment, and went through steps:

+--[.pfx]---+     +--[.cer]---+     +--[.spc]---+           +--[.pfx]---+
|Certificate|====>|Certificate|====>|Software   |=========> |Certificate|
|    +      |     +-----------+     |Publishing |           |     +     |
|Private Key|==+       +            |Certificate|   +=====> |Private Key|
+-----------+  |                    +-----------+   |       +-----------+
               |                                    | 
               |                                    |
               |  +--[.pem]---+     +--[.pvk]---+   |
               +=>|Private Key| ==> |Private Key|===+
                  +-----------+     +-----------+

但是那条路给我们的是一个私有密钥文件(*.pvk)，该文件没有密码保护；因此signtool可以在无需用户干预的情况下运行.

But all that route gave us was a private key file (*.pvk) that wasn't protected with a password; so signtool could run without user interaction.

但是这个问题的答案是:私钥与证书不匹配.

But the answer to this question was: The private key doesn't match the certificate.

这篇关于PVK2PFX错误0x80070490-找不到与密钥匹配的证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！