1.13 Create and Trust a Test Software Publisher Certificate


Problem

You need to create an SPC for testing.

Solution

Use the Certificate Creation tool (makecert.exe) to create a test X.509 certificate and the Software Publisher Certificate Test tool (cert2spc.exe) to generate an SPC from this X.509 certificate. Trust the root test certificate using the Set Registry tool (setreg.exe).

Discussion

To create a test SPC for a software publisher named Allen Jones, first create an X.509 certificate using the Certificate Creation tool. The command makecert -n "CN=Allen Jones" -sk MyKeys TestCertificate.cer creates a file named TestCertificate.cer containing an X.509 certificate and stores the associated private key in a CSP key container named MyKeys (which is automatically created if it does not exist). Alternatively, you can write the private key to a file by substituting the -sk switch with -sv. For example, to write the private key to a file named PrivateKey.pvk, use the command makecert -n "CN=Allen Jones" -sv PrivateKey.pvk TestCertificate.cer. If you write your private key to a file, the Certificate Creation tool will prompt you (as shown in Figure 1.5) to provide a password with which to protect the private key file.


Figure 1.5: Certificate Creation tool requests a password when accessing file-based private keys.

The Certificate Creation tool supports many arguments, and Table 1.3 lists some of the more useful ones. You should consult the .NET Framework SDK documentation for full coverage of the Certificate Creation tool.

Table 1.3: Commonly Used Switches of the Certificate Creation Tool

Switch    Description
-e        Specifies the date when the certificate becomes invalid
-m        Specifies the duration, in months, that the certificate remains valid
-n        Specifies an X.500 name to associate with the certificate. This is the name of the software publisher that people will see when they view details of the SPC you create
-sk       Specifies the name of the CSP key store in which to store the private key
-ss       Specifies the name of the certificate store where the Certificate Creation tool should store the generated X.509 certificate
-sv       Specifies the name of the file in which to store the private key

Once you have created your X.509 certificate with the Certificate Creation tool, you need to convert it to an SPC with the Software Publisher Certificate Test tool (cert2spc.exe). To convert the certificate TestCertificate.cer to an SPC, use the command cert2spc TestCertificate.cer TestCertificate.spc. The Software Publisher Certificate Test tool doesn't offer any optional switches.

The final step before you can use your test SPC is to trust the root test CA, which is the default issuer of the test certificate. The Set Registry tool (setreg.exe) makes this a simple task with the command setreg 1 true. When you have finished using your test SPC, you must remove trust of the root test CA using the command setreg 1 false. You can now Authenticode sign assemblies with your test SPC using the process described in recipe 1.12.
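The three steps above, collected into one batch file that stops on the first failure and makes the trust removal an explicit second invocation. This is an added example, not code from the book. The script name testspc.cmd and its "untrust" argument are hypothetical, and it assumes the three tools are on the PATH and report failure through a non-zero exit code.

```bat
@echo off
rem testspc.cmd (hypothetical name): added example, not from the book.
rem Assumes makecert, cert2spc and setreg are on PATH (SDK command prompt)
rem and that each tool returns a non-zero exit code on failure.
setlocal

set "PUBLISHER=CN=Allen Jones"
set "KEYS=MyKeys"
set "CER=TestCertificate.cer"
set "SPC=TestCertificate.spc"

rem "testspc untrust" only removes trust of the root test CA.
if /i "%~1"=="untrust" goto untrust

rem Step 1: test X.509 certificate; private key goes into the CSP key
rem container. -m 1 keeps the test certificate valid for one month only.
makecert -n "%PUBLISHER%" -sk %KEYS% -m 1 %CER%
if errorlevel 1 goto fail

rem Step 2: generate the SPC from the X.509 certificate.
cert2spc %CER% %SPC%
if errorlevel 1 goto fail

rem Step 3: trust the root test CA for the duration of testing.
setreg 1 true
if errorlevel 1 goto fail

echo Created %SPC%. The root test CA is now TRUSTED on this machine.
echo Run "%~nx0 untrust" as soon as testing is finished.
exit /b 0

:untrust
setreg 1 false
if errorlevel 1 goto fail
echo Trust of the root test CA removed.
exit /b 0

:fail
echo A step failed (errorlevel %errorlevel%). 1>&2
rem Do not leave the root test CA trusted after a partial run.
setreg 1 false >nul 2>&1
exit /b 1
```

While the root test CA is trusted, the machine accepts any certificate issued under it, so keep the window between the two invocations short and limit it to test machines.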




C# Programmer's Cookbook
ISBN: 735619301
EAN: N/A
Year: 2006
Pages: 266
