Some time ago I installed my PFX key into Container using command like this:
sn -i mykey.pfx VS_XXX
but two months later I forgot the Container name (VS_XXX), so my question is:
How to get than name back? I know key name, I have this key, I know the key pass phrase.
Download the Keypal utility and double click it, you will find all the names of the key containers. You can choose between user profile and machine profile.
Alternatively, enumerate the certificate store to find the certificate of interest via its subject and then you can use CertGetCertificateContextProperty to get the value for PCERT_KEY_PROV_INFO_PROP_ID. This approach requires the use of Microsoft's cryptoAPI
you could just re-install the key with a new container name:
sn -i mykey.pfx VS_ABAB1234ABAB1234
Update for 2021: Found answer here https://stackoverflow.com/a/59999581/9862613
You can get the container name using SnInstallPfx tool:
SnInstallPfx.exe yourKey.pfx
Related
I have a pretty simple scenario/requirement:
Generate RSA private/public key pair through OpenSSL or any online RSA key pair generator
Save the private key to the windows internal store (so it does not lay around as just a file somewhere
Create a PowerShell script, that looks into the store, locates the key, and uses it.
(basically, I will have a PS script, to which I send a 3rd party tool already encrypted password, and I expect that PS script to decrypt that password using a locally stored private key and use it on-the-fly)
This so far showed an unreachable goal, because:
I haven't found a way, how to import .pem file with the key
.cer file apparently does not contain the key
the only way (so far what I have found) how to import the key is conversion to .pfx file, which can be imported, BUT
.pfx file cannot be read as plain text - there seems to be no reasonable way from Powershell to locate the key and read it for usage in decryption
there is a module PSPKI, but it seems to accept the file and not the stored/installed certificate/key.
So anyone has any idea, how can I import a simple private key to Windows for later read-out from PowerShell for further usage?
Thank you!
Have a look at this class to load the PFX: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2?view=net-7.0
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\my.pfx", "password");
Next step is to open the store. After you checked which one fits best (machine or user) you can use X509Store to read and write there. Do not forget the Open method. When a certificate with private key (off) is added the key ist stored and the file can be deleted.
Am using https://www.pwabuilder.com/ to generate .apk file for uploading to Google Play Store.
Was able to successfully Create New and add PWA for first time to the Play Store, however some updates have been made and now need to update the PWA with latest updates.
For updating a existing app through PWAbuilder, need to change Options:
and for the Signing key section, then need to select the Use mine option:
How to get the Key file for the Signing key section?
and where to find the Key alias + Key password + Key store password?
Am having trouble finding answer specifically for this situation so if you can, please also share screenshots to help be more clear & specific.
Okay so I misunderstood and thought this key file and info is found through the Google Play Console, however when reading issue on https://github.com/pwa-builder/PWABuilder/issues/961 I came across the post by user xet7 and that contains 6 steps and I realized with their step 5:
You will get .zip file that has key file like signing.keystore that has random data, and signingKey-readme.txt that has your passwords.
so I went back to my original .zip received from PWAbuilder website during initial uploading to Google Play and found those two files:
In the signing-key-info.txt you will find the info needed for PWAbuilder's Android Package Options to fill in the Signing key section input fields: Key alias + Key password + Key store password
and the signing.keystore is the file we need for the Key file that needs to be included.
Also, make sure to update App version code and update other fields and can hit DONE button!
I have been trying to create certificates with the subjectAltName of the type /subjectAltName=DNS.1=www.domain.net,DNS.2=*.www.domain.net but when I view the key only the CN I set is displayed, ie www.domain.net.
Is the syntax I am using for the subjectAltName wrong, or is adding the subjectAltNames from ta configuration file the only way to accomplish that?
You can put the alt names into the config lie you stated. Why do you need it otherwise anyways?
If you are too tired of always changing the config's contents, just write a shell or bash script to ask you for the input and to edit the file and roll the certificates afterwards I guess
We have a perl program that generates gpg encrypted files for multiple folks.
Today, we added dan#example.com.
When I run the encryption script, it happily encrypts the file for dan#example.com using jordan#example.com. This is presumably because jordan#example.com was in my keyring first.
I've tested from the command line, and if I use gpg -r dan#example.com --encrypt foo.txt, the friendly client chooses to use the public key for jordan#example.com, instead of the more explicit dan#example.com.
Of course, if I use key ids it works, but that's not really what we've got here. Is there a way to tell gnupg to use the more explicit email address without resorting to key ids?
This is documented in the manual page that comes with gpg. Section "HOW TO SPECIFY A USER ID" you find the option "By exact match on an email address.". So the answer to your question is to use angle braces such as <dan#example.com>.
I saved a publish profile into an .xml along wit all the login info. But when i import this XML to another computer and try to publish, it'll say that my password is incorrect.
What can I do to have the password correctly saved into the publish profile and compatible with other computer?
My guess is that the program purposely obfuscates the passwords using the current PC's "salt" and generates a unique hash. Thus, preventing the passwords from being stolen via the profile publish function.
As mentioned by user1785999, you can save the password in plain text, just add the password element to your .pubxml file:
<UserName>YourName</UserName>
<Password>YourPassword</Password>
If you want the publishing profile to work across different computers, you need to save the password in plain text.
Just to add an additional answer, this may be version specific for .pubxml, but you can add these line to ensure visual studio save the password.
Make sure to use the ".\" prefix for a local account, and "domain\" prefix for an Active Directory account.
<UserName>.\PubUser1</UserName>
<UserPWD>Password1234</UserPWD>
<_SavePWD>True</_SavePWD>