How to create a public/private key pair for signing files.
1, Use makecert.exe to create a certificate and a private key file. For example:
> makecert -sv aladdin.pvk -a sha1 -len 1024 -sky signature -n "CN=CDC, O=Philips Medical Systems" aladdin.cer
This command creates aladdin.cer as the certificate file and aladdin.pvk as the private key file. The algorithm is SHA1 and the key length is 1024 bits.
2, Use cert2spc.exe to convert .cer (X.509 certificate) file into .spc (Software Publisher Certificate) file, as follows:
> cert2spc aladdin.cer aladdin.spc
3, Use pvk2pfx.exe to combine the .spc file and .pvk file into .pfx (Personal Information Exchange) file, as follows:
> pvk2pfx -pvk aladdin.pvk -spc aladdin.spc -f -po ******** -pfx aladdin.pfx
The '*' characters stand for the password that protects the .pfx file.
4, Use signfile.exe to sign executable files with the .pfx file. For example, to sign a file named ostest.exe:
> signfile -fostest.exe -xaladdin.pfx -ppubkey.h -w********
Here the '*' characters following the -w option stand for the password you entered when creating the .pfx file.
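
A check that can be run between steps 3 and 4, as an added example that is not part of the original page: this PowerShell script opens the .pfx and confirms that it contains the private key and that the key length and signature algorithm match what step 1 requested. It assumes Windows with .NET Framework 4.6 or later; the parameter names are illustrative.

```powershell
# Added example: inspect the .pfx produced in step 3 before signing with it.
# Expected values mirror the makecert options used in step 1.
param(
    [string]$PfxPath        = 'aladdin.pfx',
    [int]   $ExpectedBits   = 1024,                    # -len 1024
    [string]$ExpectedSigOid = '1.2.840.113549.1.1.5'   # sha1WithRSAEncryption (-a sha1)
)

# Prompt for the password instead of placing it on the command line.
$password = Read-Host -AsSecureString -Prompt "Password for $PfxPath"

try {
    # Throws if the file is missing, the password is wrong,
    # or the file is not a valid PKCS#12 container.
    $fullPath = (Resolve-Path -LiteralPath $PfxPath -ErrorAction Stop).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $fullPath, $password
}
catch {
    Write-Error "Cannot open ${PfxPath}: $($_.Exception.Message)"
    exit 1
}

# Returns $null when the certificate does not carry an RSA public key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$now = Get-Date

$checks = [ordered]@{
    'Private key present' = $cert.HasPrivateKey
    'RSA key length'      = ($null -ne $rsa -and $rsa.KeySize -eq $ExpectedBits)
    'Signature algorithm' = ($cert.SignatureAlgorithm.Value -eq $ExpectedSigOid)
    'Within validity'     = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
}

"Subject   : $($cert.Subject)"
"Algorithm : $($cert.SignatureAlgorithm.FriendlyName)"
"Key bits  : $(if ($rsa) { $rsa.KeySize } else { 'n/a' })"
"Expires   : $($cert.NotAfter)"

foreach ($name in $checks.Keys) {
    '{0,-20} {1}' -f $name, $(if ($checks[$name]) { 'OK' } else { 'MISMATCH' })
}

# A non-zero exit code lets a build script stop before step 4.
if ($checks.Values -contains $false) { exit 1 }
```

A missing "Private key present" result means the .pfx was built without the .pvk file and cannot be used for signing.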