How to Convert an Exported PFX File to PVK & SPC Files [A Detailed Guide]

Convert Exported PFX File to PVK File

Note: Due to the New CA/B Guideline, the Code Signing Certificate is now not exported; private keys must be marked as non-exportable!

A single code signing certificate can work on various machines. However, you need to convert it into the respective format. Here we will see how to convert an exported PFX File to PVK and SPC Files on Windows!

There is no need to worry if the names of the files listed in the title perplexe you. They are related to code signing and have a critical role to play. Code signing is a process in which developers use a digital code signing certificate to sign the code or software they make. This certificate is provided to them by an authenticated certificate authority.

Instead Buy Token Based Code Signing Certificate Based on New CA/B Requirement that can store on FIPS 140-2 Level 2 or Common Criteria Level EAL4+ certified device.

However, it is not that easy to get the code signing certificate. You have to prove your identity to the certificate authority to get the certificate. And there is a strict vetting process if you apply for an EV certificate.

We are clear about code signing, but what are these PFX, SPC, and PVK files? You must be so keen to find out, right? Let’s move ahead and learn about them and how you can use them for your benefit.

What are PFX, PVK, and SPC Files?

So, what are these files with strange names? Let’s find out!

PFX File: Number one on the list is the PFX file. The PFX file is the PKCS#12 format file containing the SSL certificate, certificate chains, root authority certificates, private keys, and the intermediate certificate authority to prove the certificate’s legitimacy.

This file is primarily in the encrypted format and used by browsers or the PC for checking the authenticity of the software.

PVK File: PVK is a proprietary format of the file that is used to store private keys for code signing for various Microsoft products.

SPC File: An SPC file is a digital certificate file made in PKCS # 7 format. Like files like .ssp, .cer, and .p7c, the SPC file stores the public key information, which is encrypted with a private key.

So, this is a brief overview of the files used behind the scenes in the code signing process.

Why do you need to Convert the PFX file?

Many of you might have this question popped up in your mind, why do you need to convert the PFX file? Well, there are some reasons for that! Here is the most important one.

The PFX file is encrypted when it is fetched from the CA. However, if you want to use the same PFX file on another system or PC, you won’t download a new one, right? Hence, it is best to export and convert it into an unencrypted form for another system.

How to Convert PFX to PVK and SPC files?

So, if you want to convert the PFX file to PVK and SPC-based for a browser, here is the detailed process!

Step 1. Export the code signing certificate from Internet Explorer

Before you convert the PFX file to PVK or any other forms, it is necessary to export the PFX file from the previous browser, or should we say the default browser? The code signing certificate on your device is permanently installed on the default browser. Hence, if you use a different browser like Firefox or Google Chrome, you may have to export it.

As Internet Explorer is the default Microsoft browser, you must export it to use it in another browser.

Here are the steps to export the certificate from Internet Explorer!

  • Begin by clicking on Tools from the hamburger menu in the top-right corner.
  • Click on Internet Options.
  • The following window will show you the Content tab; click on it and then on Certificates.
  • Choose the certificate you want to export from the list and click on Export.
  • Click Next.
  • Click Yes, export the private key, and then click Next. (if the option Yes, export the private key is not there, go to check the certificate)
  • Opt for the “personal information exchange” option and then “Include all certificates in the certification path if possible.
  • Select the “export all extended properties” option. Select the “delete the private key if the export is successful” option unless you want to leave a copy of the private key in the certificate store.
  • Click Next. If prompted, enter the password twice and select the location where you want to save the file.
  • Click on Next.
  • Click Finish and then Ok.

Step 2. Install the Prerequisites

Ok, so you have successfully exported the certificate from the browser to your PC. It is time to convert it. You need to have the following tools to convert the PFX file to PVK and SPC.

  1. OpenSSL: OpenSSL is a crucial tool on your PC with an SSL certificate.
  2. PVK Transform Utility: This is another crucial utility you must have on your PC for successful conversion.

Steps to Convert an Exported PFX File to PVK and SPC Files

Here are the steps to convert the PFX files to PVK and SPC files.

1. Open the command prompt and type in the following command, and hit Enter.

openssl pkcs12 -in inf.pfx -nocerts -nodes -out outf.pem

Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name. Enter your PFX password if required.

2. Type the following command in the command prompt and push Enter.

pvk -in inf.pem -topvk -out outf.pvk

Keep the PEM file name in place of the inf.pem and the desired PVK file name in place of outf.pvk.

3. In the command prompt, type the following and press Enter.

openssl pkcs12 -in inf.pfx -nokeys -out outf.pem

Replace inf.pfx with the name of your exported PFX file and outf.pem with the PEM file name.

4. Type the following command in the command prompt and press Enter.

openssl crl2pkcs7 -nocrl -certfile inf.pem -outform DER -out outf.spc

Replace inf.pem with the PEM file created and outf.spc with the required SPC file name.

Now, you can use these files in your code signing process across browsers.

Conclusion

These files may not seem that important, but they actually are. You see, the PVK file has the private keys, while the SPC file has the public keys. Both of these keys are necessary for cryptography which is the savior of your data.

Moreover, they also make usage of code signing certificates easy to use across different systems and browsers

Code Signing Tutorials

Cheap Code Signing Certificates

Prevent Code Tampering and Authenticate Code Integrity by Digitally Sign your Code with Trusted Code Signing Certificates.

Starting at Just $215.99/Year
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.