How to Convert an Exported PFX File to PVK & SPC Files [A Detailed Guide]

convert exported pfx file to pvk spc

A single code signing certificate can work on various machines. However, you need to convert it into the respective format. Here we will see how to convert an exported PFX File to PVK and SPC Files on Windows!

If the name of the files listed in the title perplexes you, no need to worry. They are related to code signing and have a critical role to play. Code signing is a process in which developers use a digital code signing certificate to sign the code or software made by them. This certificate is provided to them by an authenticated certificate authority.

However, it is not that easy to get the code signing certificate. You have to prove your identity to the certificate authority to get the certificate. And there is a strict vetting process if you are applying for an EV certificate.

Now, we are clear about code signing, but what are these PFX, SPC, and PVK files? You must be so keen to find out, right? Let’s move ahead and learn about them and how you can use them for your benefit.

What is a PFX, PVK, and SPC file?

So, what are these files with strange names? Let’s find out!

PFX File: Number one on the list is the PFX file. The PFX file is the PKCS#12 format file that contains the SSL certificate, certificate chains, root authority certificates, private keys, and the intermediate certificate authority to prove the legitimacy of the certificate. This file is primarily in the encrypted format and used by browsers or the PC for checking the authenticity of the software.

PVK File: PVK is a proprietary format of the file which is used to store private keys for code signing for various Microsoft products.

SPC File: A SPC file is a digital certificate file made in PKCS # 7 format. Just like files like .ssp, .cer, and .p7c, the SPC file is used to store the public key information, which is encrypted with a private key.

So, this is a brief overview of the files that are used behind the scenes in the code signing process.

Why do you need to convert the PFX file?

Many of you might have this question popped up in your mind, why do you need to convert the PFX file? Well, there are some reasons for that! Here is the most important one.

The PFX file is in an encrypted form when it is fetched from the CA. However, if you want to use the same PFX file on another system or PC, you won’t download a new one, right? Hence, it is best to export and convert it into an unencrypted form to use in another system.

How to convert PFX to PVK and SPC files?

So, if you want to convert the PFX file to PVK and SPC based for use in a browser, here is the detailed process!

Step 1. Export the code signing certificate from Internet Explorer

Before you convert the PFX file to PVK or any other forms, it is necessary to export the PFX file from the previous browser, or should we say the default browser. When you install the code signing certificate on your device, it is always installed on the default browser. Hence, if you are using a different browser like Firefox or Google Chrome, you may have to export it.

As Internet Explorer is the default Microsoft browser, you have to export it to use it in another browser. Here are the steps to export the certificate from Internet Explorer!

  • Begin by clicking on Tools from the hamburger menu in the top-right corner.
  • Click on Internet Options.
  • The following window will show you the Content tab; click on it and then on Certificates.
  • Choose the certificate you want to export from the list and click on Export.
  • Click Next.
  • Click Yes, export the private key, and then click Next. (if the option Yes, export the private key is not there, go to check the certificate)
  • Opt for the “personal information exchange” option and then “Include all certificates in the certification path if possible.
  • Select the “export all extended properties” option. Select the “delete the private key if the export is successful” option unless you want to leave a copy of the private key in the certificate store.
  • Click Next. If prompted, enter the password twice and select the location where you want to save the file.
  • Click on Next.
  • Click Finish and then Ok.

Step 2. Install the prerequisites

Ok, so you have successfully exported the certificate on your PC from the browser. It is time to convert it. To convert the PFX file to PVK and SPC, you need to have the following tools.

  1. OpenSSL: OpenSSL is a crucial tool that you need to have on your PC with an SSL certificate.
  2. PVK Transform Utility: This is another crucial utility that you need to have on your PC for successful conversion.

Step 3. Convert an exported PFX File to PVK and SPC Files

Here are the steps to convert the PFX files to PVK and SPC files.

1. Open the command prompt and type in the following command, and hit Enter.

openssl pkcs12 -in inf.pfx -nocerts -nodes -out outf.pem

Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name. Enter your PFX password if required.

2. Type the following command in the command prompt and push Enter.

pvk -in inf.pem -topvk -out outf.pvk

Keep the PEM file name in place of the inf.pem and the desired PVK file name in place of outf.pvk.

3. In the command prompt, type the following and press Enter.

openssl pkcs12 -in inf.pfx -nokeys -out outf.pem

Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name.

4. Type the following command in the command prompt and press Enter.

openssl crl2pkcs7 -nocrl -certfile inf.pem -outform DER -out outf.spc

Replace inf.pem with the PEM file created and outf.spc with the required SPC file name.

Now, you can use these files in your code signing process across browsers.

Conclusion of Convert an exported PFX Code Signing File to PVK and SPC Files

These files may not seem that important, but they actually are. You see, the PVK file has the private keys, while the SPC file has the public keys. Both of these keys are necessary for cryptography which is the savior of your data. Moreover, they also make usage of code signing certificates easy to use across different systems and browsers.