如何从.SPC（代码签名证书）和.PKCS12（私钥）生成PKCS12（.p12）？ [英] How to generate a PKCS12 (.p12) from a .SPC (code signing certificate) and .PKCS12 (private key)?

问题描述

我有GoDaddy的代码签名证书（SPC）文件。该文件是根据现有的私钥生成的：

I have a code-signing certificate (SPC) file from GoDaddy. The file was generated from an existing private key:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvcG2SEalg9pvkTvtMI8cZg07tVA0RuK7LeGlFdk1smXgqrsH
.... snipped ....
MURwR0FXgNAuFNQ0yBNFNW2+o9uBceLuCSUalgi4pQw1uBmP5QkUYA==
-----END RSA PRIVATE KEY-----

我生成了证书签名请求，并将其发送给GoDaddy：

I generated a certificate signing request and sent this to GoDaddy:

-----BEGIN CERTIFICATE REQUEST-----
MIICiDCCAXACAQAwQzFBMD8GCSqGSIb3DQEJARYyYXBwbGVAdGVrNC1uZXdtZWRp
.... snipped ....
nJwd9pSDPuYaNHl33N1BJkXFusG7ta0D6UjisA==
-----END CERTIFICATE REQUEST-----

GoDaddy然后向我返回了一个SPC文件。我的研究表明，通常您会拥有一个SPC / PVK对，但显然我的私钥不是PVK类型的。
我尝试了几种方法（pvkimprt，pvk2pfx，openssl，keytool），但似乎无法在没有证书（SPC）和私钥的情况下将我的密钥单独转换为PVK类型或将SPC转换为PKCS12类型在单个密钥库中。

GoDaddy then returned me an SPC file. My research shows that typically you'd have a SPC/PVK pair but obviously my private key isn't of PVK type. I've tried several methods (pvkimprt, pvk2pfx, openssl, keytool) but can't seem to convert my key to PVK type or my SPC to a PKCS12 type independently without both the certificate (SPC) and private key being in a single key-store.

我似乎需要一步执行的命令是：
openssl pkcs12 -in cert_from_godaddy.spc -inkey private.key -export -out full_code_signing_chain.pkcs12

The command that I appear to need to do this in one step is: openssl pkcs12 -in cert_from_godaddy.spc -inkey private.key -export -out full_code_signing_chain.pkcs12

但是，运行得到的只是：
将屏幕加载到随机状态-完成
没有证书与私钥匹配

However, running that I just get: Loading 'screen' into random state - done No certificate matches private key

但是，证书（SPC）用于私钥。我在做什么错了？！

But, the certificate (SPC) is for the private key. What am I doing wrong?!

背景：我正在尝试生成Adobe AIR应用程序的.p12文件符号

Background: I'm trying to generate a .p12 file sign an Adobe AIR application

推荐答案

老实说，我根本无法理解您要尝试执行的操作。

To be honest I can not understand at all what you are trying to do.

您取回了SPC文件，该文件只是带有证书的＃PKCS7 der编码。

You got back the SPC file which is just the #PKCS7 der encoding with your certificate.

您还拥有私钥。

所有您需要做的就是将证书导入pkcs12密钥库，以获取带有私钥的签名证书。

All you need to do is import the certificate to the pkcs12 keystore to have the signed certificate with your private key.

这篇关于如何从.SPC（代码签名证书）和.PKCS12（私钥）生成PKCS12（.p12）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！