Export of private keys and certificates?

Discussion in 'other security issues & news' started by mayank_3103, Nov 2, 2007.

Thread Status:
Not open for further replies.
  1. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    Hi all,
    Can anyone tell me the procedure to export my private keys and certificates to the other system?

    I am working with Windows Vista. Every time I do that, I lose my digital signature on the other computer, and the property window of my application shows that the digital signature is to be verified.

    I am terrified. Please help me out of this.

    Thanks in advance....
     
  2. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    Maybe this will help:
    This is the procedure for WinXP, but maybe you can figure out for yourself how to do this in Vista:

    Procedure to export the key:

    Start the Microsoft Management Console (MMC) (Start, Run, MMC).
    From the File menu, select Add/Remove Snap-in.
    Select the Standalone tab and Click Add.
    Select Certificates and click Add. Click Close.
    Click OK to the main Add/Remove Snap-in dialog box.
    Select Certificates, Current User, Personal, Certificates.
    In the right pane, right-click the certificate you want to export and select All Tasks, Export, from the context menu.
    Click Next to the Export Wizard welcome dialog box.
    Select "Yes, export the private key" and click Next.
    Leave the default export options and click Next.
    Enter a password for the export and click Next.
    Enter a location and name for the exported key and click Next.
    Click Finish in the summary dialog box.
    Click OK to the export confirmation dialog box.


    Copy the export key file to the other machine and perform the following steps to import the key:

    Start the MMC console (Start, Run, MMC).
    From the File menu, select the Add/Remove snap-in.
    Select the Standalone tab and click Add.
    Select Certificates and click Add, then click Close.
    Click OK to the main Add/Remove Snap-in dialog box.
    Select Certificates, Current User, Personal, Certificates.
    Right-click Certificates and select Import from the context menu.
    Click Next at the Import Wizard welcome screen.
    Enter the name of the file to import and click Next.
    Enter the password for the export file and, optionally, select the check box to enable the key to be exportable again in the future. Click Next.
    Select the option to store the certificate in the default Personal store and click Next.
    Click Finish to complete the import.
    Click OK to the import confirmation message.



    Source:
    http://www.windowsitpro.com
     
    Last edited: Nov 3, 2007
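
A scripted equivalent of the MMC export and import steps in the post above, as an added example that is not part of the thread. It assumes a Windows version with the PKI module cmdlets (`Export-PfxCertificate`, `Import-PfxCertificate`; Windows 8 / Server 2012 or later, so not Vista itself); the function names, subject name and file paths are placeholders.

```powershell
# Added example: scripted form of the MMC export/import procedure.
# Assumption: PKI module cmdlets are available (Windows 8 / Server 2012+).
# Export-SigningCert / Import-SigningCert are hypothetical helper names.

function Export-SigningCert {
    param(
        [Parameter(Mandatory)] [string] $Subject,        # placeholder, e.g. 'CN=Example Test Signing'
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password  # protects the private key inside the PFX
    )
    # Certificates, Current User, Personal: the store the MMC steps browse to.
    $found = @(Get-ChildItem Cert:\CurrentUser\My |
               Where-Object { $_.Subject -eq $Subject })
    if ($found.Count -ne 1) {
        throw "Expected exactly one certificate for '$Subject', found $($found.Count)."
    }
    $cert = $found[0]
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key in this store."
    }
    # Errors out if the key was created or imported as non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    return $cert.Thumbprint
}

function Import-SigningCert {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        [switch] $Exportable   # the optional "exportable again" check box in the wizard
    )
    $cert = Import-PfxCertificate -FilePath $PfxPath -Password $Password `
                -CertStoreLocation Cert:\CurrentUser\My -Exportable:$Exportable
    if (-not $cert.HasPrivateKey) {
        throw "Imported $($cert.Thumbprint), but no private key is attached."
    }
    return $cert.Thumbprint
}

# Old machine:
#   $pw = Read-Host -AsSecureString 'PFX password'
#   $tp = Export-SigningCert -Subject 'CN=Example Test Signing' -PfxPath .\signing.pfx -Password $pw
# New machine (remove the .pfx once the import has succeeded):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Import-SigningCert -PfxPath .\signing.pfx -Password $pw    # should print the same thumbprint
#   Get-AuthenticodeSignature .\MyApp.exe | Format-List Status, StatusMessage
```

Moving the key this way lets the same certificate sign on the new machine; whether an existing signature verifies there depends on that machine trusting the certificate's chain, which `Get-AuthenticodeSignature` reports in `Status`.
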
  3. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    Thanks, dear.

    Sorry for the delay.

    I am finding some problems in the steps you mentioned. In your first procedure, after the 4th step I didn't find the way. Please can you describe that in a little more detail? Do you know where these MMC entries are made in the registry editor? Do you know the working of MMC in the registry, so that I don't have to use MMC for import and export of these keys?
    Is there any other way to do this apart from using MMC?

    Thanks...
     
    Last edited: Nov 6, 2007
  4. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    I digitally signed my application just to check whether it works on Windows Vista or not. I did that with the help of a self-signing code tool and a Windows application, MMC.exe. It worked fine. But 3 days later my Windows got corrupted and I changed my hard disk.

    I transferred all my data to this new hard disk. But the application which I signed manually now shows that the digital signature is not verified, even though I transferred all my private and public keys and copied them with the existing ones. Then I got the message that your digital signature has been tampered ...... something like that.

    May I know how I can get back my digital signature for that file and, if that is not possible, how to export a digitally signed application to the other system?

    Thanks in advance.
     
    Last edited: Nov 6, 2007
  5. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    Is there any other way without this MMC wizard?
     
  6. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    I can't give you the correct answer, but a search on the internet brought me to the Microsoft Developer Network.

    An explanation about MMC Registry Entries you'll find here

    I really don't know. :doubt:
     
  7. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    Thanks, buddy.
    I have already gone through these, but the problem is how I should carry my self-signed application to another computer o_O I tried by taking that exe along with all keys and certificates; still it showed me the digital signature missing....
     
  8. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    "Windows cannot determine the validity of this certificate because it cannot locate a valid certificate revocation list from one or more of the certification authorities in the certification path." What does this mean? o_O o_O
     
  9. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    This behavior may occur if Office XP verifies a digital signature; Office XP will try to verify the certificate revocation list on the root certification authority (CA). Because the certificate revocation list of a CA is self-signed, many root CAs will not provide a certificate revocation list. However, if a verification of the root CA certificate revocation list is requested, a non-existent certificate revocation list may result in a message that indicates the risk of a certificate that is not valid.

    If the program makes the request, Windows will try to verify the certificate revocation list. However, because a certificate revocation list for the root CA is not verified, Office XP does not request a certificate revocation list of the root CA, regardless of the request by Office XP.

    Source (and workaround)
     
  10. mayank_3103

    mayank_3103 Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    16
    What should I do to make my application verified on the other system? I have already done lots of research work on this and I am finding the same thing.

    That is, to deal with those paid third-party certificate providers (such as Thawte, VeriSign, etc.). They will give the certification; only then will I be able to run my program on the other system.

    But for these demo projects I am not willing to pay them. Can you help me by referring me to sites where I can find articles regarding import code or script for my application?
     