Convert .pfx (p12) certificate to a .pvk + .spc

Steps required to convert .pfx (p12) to .pvk + .spc

Follow all of these steps carefully to convert your .PFX (p12) certificate to a .pvk + .spc combination on Windows®

Microsoft® Wizard

Use the Microsoft® export wizard with the following options:

• Export Private Key

• DO NOT TICK "include all certificates in the certification path if possible"

• TICK "enable strong protection"

• DO NOT TICK "delete private key"

• Prerequisite: OpenSSL

Note: If you are running Windows® you may download OpenSSL here [1]. Otherwise, you can find compiled binaries directly from the OpenSSL [1] website or consult your Operating System's package management feature.


Extracting the private key

• Extract your private key from the pfx file: -> openssl pkcs12 -in (pfx-file) -nocerts -nodes -out (pem-key-file)

• Example: ->openssl pkcs12 -in SOMETHING.pfx -nocerts -nodes -out SOMETHING.PEM

The PFX password will be asked.

• Download the PVK transform utility. This file can be found here [2]: -> pvk -in(pem-key-file) -topvk -out (pvk-file)

• Example: -> pvk -in SOMETHING.PEM -topvk -out SOMETHING.pvk

• Extract your certificates from the PFX file: -> openssl pkcs12 -in (pfx-file) -nokeys -out (pem-certs-file)

  • Example: -> openssl pkcs12 -in SOMETHING.pfx -nokeys -out SOMETHING_CERTS.pem

The PFX password will be asked.

• Transform your PEM file to a SPC file
  -> openssl crl2pkcs7 -nocrl -certfile (pem-certs-file) -outform DER -out (spc-file)

• Example: -> openssl crl2pkcs7 -nocrl -certfile SOMETHING_CERTS.pem -outform DER -out SOMETHING.SPC

Using the Microsoft® Authenticode® Certificate

In order to use the Microsoft® Authenticode® Certificate to sign VBA projects you will need to import the .pvk and .spc file into your registry using a tool called pvkimprt and then export the keys as a .pfx file which you can import into your browser, this will then allow you to add the signature to the VBA Macros using the Visual Basic editor.

To download pvkimprt.exe directly from Microsoft®, see the following url: http://www.microsoft.com/downloads/details.aspx?FamilyID=f9992c94-b129-4... [3] or download it from here [4].

The pvkimprt.exe is a self extracting file, with the same name as the tool you will use to import the files. Make sure you install the file before running the pvkimprt command.


Importing the files

To import the files using pvkimprt.exe, you must reference the full path for your .spc and .pvk files.

You will then be prompted for the Private Key password you specified when you generated the Private Key file.

• Once the keys have been imported into the registry you will need to export the private key and certificate attached together as a .pfx file using the pvkimprt tool.

• To export the keys as a .pfx file using pvkimprt.exe: c:\pvkimprt -pfx cert.spc key.pvk

• It will bring up the export wizard, in the first window tick 'Yes' to export the private key, in the second window untick the option 'Enable strong protection..' and tick the option 'Include all certificates in the certification path if possible', then click next, in the third window specify a private key password (do not forget it), in the forth window click 'browse' and save the file to your desktop, click next and finish

• Once done, go to your IE properties, click on Tools > internet options > content > certificate > remove, and remove the certificate from the Personal Certificate store. Once completed import the backup file(.pfx) you created above into your IE browser. Then go to Tools > internet options > content > certificates > import, import the backup file(.pfx), during the import process mark the private key as exportable

Signing with the Vidual Basic Editor

To sign the files using the Visual Basic Editor:

• Open up the Visual Basic Editor

• Highlight the project you wish to sign

• Select the Tools > Digital Signature option

• Choose 'My Organization' as the certificate you wish to use for signing, but make sure that the 'you have a private key corresponding to this certificate' text appears

• Click "Ok"

• Go to the File click "Save" and save the file before exiting the VB Editor