PVK2PFX 错误 0x80070490 - 找不到与密钥匹配的证书
我们从 Thawte 获得了新的证书 (*.cer) 文件,并且我完成了标准程序以允许它与代码签名一起使用。
如果我使用旧的(工作)证书:
将证书 (.cer) 转换为软件发布证书 (.spc)
>Cert2Spc.exe Avatar.cer Avatar.spc 成功了将我们的私钥文件 (*.pvk) 与 SPC 合并为 PFX:< /p>
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f提示输入私钥文件密码,输入密码,单击“确定”
以及我们很乐意 去;准备使用 signtool。
我们现在有了新证书,我遵循相同的过程:
将证书 (.cer) 转换为软件发布证书 (.spc)
>Cert2Spc.exe Avatar.cer Avatar.spc 成功了将我们的私钥文件 (*.pvk) 与 SPC 合并为 PFX:< /p>
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f提示输入私钥文件密码,输入密码,单击“确定”
错误:找不到与密钥匹配的证书。 (错误代码 = 0x80070490)。
出了什么问题?
注意:
- 我们已经使用同一个私钥文件 (*.pvk) 十年了
- ,今年 Thawte 给了我们一个2 年证书; 而不是通常的 1 年
- 今年 Thawte 将其签名证书从
Thawte Code Signing CA更改为Thawte Code Signing CA - G2, - Google 表示没有人遇到无法找到与密钥匹配的证书的错误。
Windows SDK 仅包含对错误代码的两个引用
0x80070490:Visual Foxpro for Windows 头文件 (
<前><代码>// // MessageId: E_PROP_ID_UNSUPPORTED // // 消息文本: // // 指定的属性集不支持指定的属性 ID。%0 // #define E_PROP_ID_UNSUPPORTED ((HRESULT)0x80070490L)vfwmsgs.h):这几乎肯定是转移注意力; Foxpro?
注释掉 RSS 屏幕保护程序示例中的代码 (
RssItem.cs)//“未找到元素。(HRESULT 异常:0x80070490)”几乎可以肯定这是一个转移注意力的事情; XML?
0x80070490的十进制版本是-2147023728
We got our new certificate (*.cer) file from Thawte, and i went through our standard procedures to allow it for use with code signing.
If i use our old (working) certificate:
Convert certificate (.cer) into Software Publishing Certificate (.spc)
>Cert2Spc.exe Avatar.cer Avatar.spc SucceededCombine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -fprompts for private key file password, enter it, click OK
And we're good to go; ready to use signtool.
We now have our new certificate, and i follow the same procedure:
Convert certificate (.cer) into Software Publishing Certificate (.spc)
>Cert2Spc.exe Avatar.cer Avatar.spc SucceededCombine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -fprompts for private key file password, enter it, click OK
ERROR: Cannot find certificates that match the key. (Error Code = 0x80070490).
What's going wrong?
Notes:
- we've used the same private key file (*.pvk) for a decade
- this year Thawte gave us a 2-year certificate; rather than the usual 1-year
- this year Thawte changed their signing certificate from
Thawte Code Signing CAtoThawte Code Signing CA - G2 - Google says that nobody has ever gotten the error Cannot find certificates to match the key.
The Windows SDK only contains two references to the error code
0x80070490:Visual Foxpro for Windows header file (
vfwmsgs.h):// // MessageId: E_PROP_ID_UNSUPPORTED // // MessageText: // // The specified property ID is not supported for the specified property set.%0 // #define E_PROP_ID_UNSUPPORTED ((HRESULT)0x80070490L)Which is almost certainly a red herring; Foxpro?
commented out code in the RSS screensaver sample (
RssItem.cs)// "Element not found. (Exception from HRESULT: 0x80070490)"Also almost certainly a red-herring; XML?
- decimal version of
0x80070490is-2147023728
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
事实证明,今年我们得到了一把新的私钥。
好吧,您没有获得私钥,证书+密钥是通过浏览器获取并存储在证书存储中的。从那里我们可以导出
.PFX(pfx包含证书和私钥)。通过从浏览器的证书存储区导出此 PFX,我们可以直接使用它通过
signtool对代码进行签名。注意:我们实际上是贪图惩罚的人,并经历了以下步骤:
但是该路线给我们的只是一个私钥文件(
*.pvk),该文件不受保护密码;因此,signtool无需用户交互即可运行。但这个问题的答案是:私钥与证书不匹配。
Turns out that this year we were given a new private key.
Well, you're not given a private key, the certificate+key is fetched through the browser and stored in a certificate store. From there we can export a
.PFX(Apfxcontains a certificate and a private key).With this PFX exported from the browser's certificate store, we can use it directly to sign code with
signtool.Note: We were actually gluttons for punishment, and went through steps:
But all that route gave us was a private key file (
*.pvk) that wasn't protected with a password; sosigntoolcould run without user interaction.But the answer to this question was: The private key doesn't match the certificate.