
Some questions on code signing with smartcard

I have a couple of questions around code signing with MS technology:

1. Is there a way to transfer the generated strong name signing private key
directly to a smartcard (or generate it on the smart card), without the
unsecure intermediate storage to the filesystem using sn -k and sn -i?

2. What is the format of the key files produced by sn -k and sn -p?

3. Is there a way to generate a PKCS#10 format certificate request from the
sn -p public key for generation of a certificate with the Windows2003 server

4. Is there any other way to generate a certificate with the Windows 2003
server CA from a sn -p public key?

5. How/what for can the certificate that is generated using Windows 2003
server CA and the Code Signing template be used? SN signing? Authenticode
signing? DOTNET strong name signing? Sth else?

6. How do I write the certificate and private key that is generated using
Windows 2003 server CA and the Code Signing template to a smart card (for
this template the private key is marked non-exportable)?

7. How do I generate an authenticode SW publisher cert using the Windows
2003 server CA (without involving an external CA such as Verisign)?

8. For 7, how do I get that private key onto a smartcard?

After some additional experimentation, it seems that 6/7/8 could be solved if
I was able to either

9. Create the new key pair for a Code Signing cert in the Windows CA
directly into the smartcard using the smartcard CSP. Problem: I can in this
user interface only select one of the three Windows CSPs, but not my
smartcard CSP.


10. Use for the generation of a Code Signing cert in the Windows CA a
preexisting key pair in a container on my smartcard, which I generated either
using sn -k/sn -i, or using makecert (disregarding the test cert). Again, this
approach fails because I can not select the smartcard CSP as key source.

Thanks for any help/guidance!

Best regards,
Aug 25 '05 #1
Hi Martin,

1. As far as I know, sn -k can only generate a key file on disk and then
import it to smart card hardware.
2. The key file is a binary file which contains the key.

Please try to post in microsoft.public.windows.server.security for Windows
2003 server questions. Thanks!

Kevin Yu
"This posting is provided "AS IS" with no warranties, and confers no

Aug 26 '05 #2
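
On question 2, an added example (not from either poster) that classifies a strong-name key file by its header, which is useful for spotting private key material left on disk. It assumes the CryptoAPI blob layouts from wincrypt.h: `sn -k` output is a PRIVATEKEYBLOB, and `sn -p` output is a 12-byte header followed by a PUBLICKEYBLOB. The function names and zero-filled samples are constructed for illustration.

```python
import struct

# CryptoAPI constants (wincrypt.h)
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
MAGIC_RSA1, MAGIC_RSA2 = 0x31415352, 0x32415352  # b"RSA1" public, b"RSA2" private

def _parse_capi_blob(data):
    """Parse BLOBHEADER + RSAPUBKEY (20 bytes, little-endian) and check length."""
    if len(data) < 20:
        raise ValueError("too short for BLOBHEADER + RSAPUBKEY")
    btype, _ver, _rsvd, alg, magic, bits, exp = struct.unpack_from("<BBHIIII", data)
    if (btype, magic) not in ((PUBLICKEYBLOB, MAGIC_RSA1), (PRIVATEKEYBLOB, MAGIC_RSA2)):
        raise ValueError("not an RSA CryptoAPI key blob")
    n = bits // 8
    # Public: modulus only. Private: modulus, p, q, dP, dQ, qInv (n/2 each), d (n).
    body = n if btype == PUBLICKEYBLOB else n * 2 + (n // 2) * 5
    if len(data) < 20 + body:
        raise ValueError("truncated key material")
    return {"private": btype == PRIVATEKEYBLOB, "bits": bits,
            "exponent": exp, "alg_id": alg}

def classify_sn_key_file(data):
    """Return what kind of strong-name key file these bytes are."""
    if data[:1] == bytes([PRIVATEKEYBLOB]):
        return {"kind": "sn -k key pair", **_parse_capi_blob(data)}
    if len(data) >= 12:
        # sn -p header: signature alg id, hash alg id, length of the blob that follows
        sig_alg, hash_alg, cb = struct.unpack_from("<III", data)
        if cb == len(data) - 12:
            return {"kind": "sn -p public key", "sig_alg": sig_alg,
                    "hash_alg": hash_alg, **_parse_capi_blob(data[12:])}
    raise ValueError("unrecognized strong-name key file")

def constructed_sample(private, bits=1024):
    """Constructed input: real header layout, zero-filled key material (not a usable key)."""
    n = bits // 8
    if private:
        hdr = struct.pack("<BBHIIII", PRIVATEKEYBLOB, 2, 0, 0x2400, MAGIC_RSA2, bits, 65537)
        return hdr + bytes(n * 2 + (n // 2) * 5)
    hdr = struct.pack("<BBHIIII", PUBLICKEYBLOB, 2, 0, 0x2400, MAGIC_RSA1, bits, 65537)
    capi = hdr + bytes(n)
    return struct.pack("<III", 0x2400, 0x8004, len(capi)) + capi

if __name__ == "__main__":
    for sample in (constructed_sample(True), constructed_sample(False)):
        print(len(sample), classify_sn_key_file(sample))
```

A file classified as an `sn -k` key pair holds the full RSA private key in the clear, which is the intermediate on-disk copy that question 1 is trying to avoid.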
