(6 votes, average: 5.00 out of 5)
If the name of the files listed in the title perplexes you, no need to worry. They are related to code signing and have a critical role to play. Code signing is a process in which developers use a digital code signing certificate to sign the code or software made by them. This certificate is provided to them by an authenticated certificate authority.
However, it is not that easy to get the code signing certificate. You have to prove your identity to the certificate authority to get the certificate. And there is a strict vetting process if you are applying for an EV certificate.
Now, we are clear about code signing, but what are these PFX, SPC, and PVK files? You must be so keen to find out, right? Let’s move ahead and learn about them and how you can use them for your benefit.
So, what are these files with strange names? Let’s find out!
PFX File: Number one on the list is the PFX file. The PFX file is the PKCS#12 format file that contains the SSL certificate, certificate chains, root authority certificates, private keys, and the intermediate certificate authority to prove the legitimacy of the certificate.
This file is primarily in the encrypted format and used by browsers or the PC for checking the authenticity of the software.
PVK File: PVK is a proprietary format of the file which is used to store private keys for code signing for various Microsoft products.
SPC File: A SPC file is a digital certificate file made in PKCS # 7 format. Just like files like .ssp, .cer, and .p7c, the SPC file is used to store the public key information, which is encrypted with a private key.
So, this is a brief overview of the files that are used behind the scenes in the code signing process.
Many of you might have this question popped up in your mind, why do you need to convert the PFX file? Well, there are some reasons for that! Here is the most important one.
The PFX file is in an encrypted form when it is fetched from the CA. However, if you want to use the same PFX file on another system or PC, you won’t download a new one, right? Hence, it is best to export and convert it into an unencrypted form to use in another system.
So, if you want to convert the PFX file to PVK and SPC based for use in a browser, here is the detailed process!
Before you convert the PFX file to PVK or any other forms, it is necessary to export the PFX file from the previous browser, or should we say the default browser. When you install the code signing certificate on your device, it is always installed on the default browser. Hence, if you are using a different browser like Firefox or Google Chrome, you may have to export it.
As Internet Explorer is the default Microsoft browser, you have to export it to use it in another browser.
Here are the steps to export the certificate from Internet Explorer!
Ok, so you have successfully exported the certificate on your PC from the browser. It is time to convert it. To convert the PFX file to PVK and SPC, you need to have the following tools.
Here are the steps to convert the PFX files to PVK and SPC files.
1. Open the command prompt and type in the following command, and hit Enter.
openssl pkcs12 -in inf.pfx -nocerts -nodes -out outf.pem
Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name. Enter your PFX password if required.
2. Type the following command in the command prompt and push Enter.
pvk -in inf.pem -topvk -out outf.pvk
Keep the PEM file name in place of the inf.pem and the desired PVK file name in place of outf.pvk.
3. In the command prompt, type the following and press Enter.
openssl pkcs12 -in inf.pfx -nokeys -out outf.pem
Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name.
4. Type the following command in the command prompt and press Enter.
openssl crl2pkcs7 -nocrl -certfile inf.pem -outform DER -out outf.spc
Replace inf.pem with the PEM file created and outf.spc with the required SPC file name.
Now, you can use these files in your code signing process across browsers.
These files may not seem that important, but they actually are. You see, the PVK file has the private keys, while the SPC file has the public keys. Both of these keys are necessary for cryptography which is the savior of your data.
Moreover, they also make usage of code signing certificates easy to use across different systems and browsers.