Code signing question
Mihkel Tammepuu
ott.tammepuu at skype.net
Wed Dec 19 02:44:26 PST 2007
At 5:27 PM -0500 12/18/07, Edward J. Stembler wrote:
>I imported my certificate from a .p7b file.
>
>When I created a sample self-signed root certificate -- which worked
>-- I noticed the private key is part of the certificate in the
>keychain. My imported Authenticode certificate doesn't show a
>private key in the keychain. I know on the Windows side, the
>private key was stored in a separate (binary) file; something like:
>myprivatekey.pvk.
>
>In any case, I have en e-mail out to VeriSign to see if they have
>any guidance or instructions...
>
Indeed, you must have private key and public key, and they should
look similar to what you get by creating self signed root cert. It is
very important - that the certificate is intended for use for
codesigning i.e. it must contain Extensions like:
Extension Key Usage
Usage Digital Signature
Extension Extended Key Usage
Purpose #1 Code Signing
when viewed in Keychain Access
If these extensions are not present then codesign does not recognize
the identity, you have to request a new certificate from your CA or
switch to another CA if they are not able to generate a proper one.
//
Mihkel Tammepuu
Skype
--
More information about the MacOSX-dev
mailing list