This utility is an alternative to the command sn.exe -i <infile> <container>. It installs the key pair from <pfx_infile> into a key container compatible with MSBuild, computes the container name automatically, and accepts the password as a command-line argument.


honzajscz/SnInstallPfx


PFX problem

Have you ever received the following MSBuild error?

error MSB3325: Cannot import the following key file: my.pfx. 
The key file may be password protected. 
To correct this, try to import the certificate again or 
manually install the certificate to the Strong Name CSP 
with the following key container name: VS_KEY_ABCDEF1234567890

This error occurs when you build an MSBuild project and attempt to strong-name sign it with a password-protected PFX file containing a key pair. Under the hood, MSBuild computes a hash from your domain\username and the PFX file bytes, then searches a system cryptographic service provider (CSP) for a private/public key container named VS_KEY_<THAT_HASH> to sign the compiled project.

To fix the compilation error, you first need to install the key pair into the provided container and register it with the CSP. The .NET SDK contains the sn.exe utility, which allows you to do so. The full command is:

sn.exe -i <infile> <container>

This command has two drawbacks:

  1. You have to pass the container name (VS_KEY_ABCDEF1234567890).
  2. You have to enter the PFX password interactively. The password cannot be passed as a parameter, which complicates batch scenarios.

SnInstallPFX utility

I have written a .NET utility that overcomes the aforementioned drawbacks. It computes the container name from the PFX file (if not specified) and accepts the password as a parameter.

SnInstallPfx.exe <pfx_infile> // show information about the pfx_infile
SnInstallPfx.exe <pfx_infile> <pfx_password> // install the pfx_infile 
SnInstallPfx.exe <pfx_infile> <pfx_password> <container_name> // install the pfx_infile under container_name

The hash computation is copied from the MSBuild source code on GitHub.

Download

Check the release tab.

Useful commands

# list containers in CSP, add -v switch for verbose output
certutil -csp "Microsoft Strong Cryptographic Provider" -key

# delete a container from CSP
certutil -delkey -csp "Microsoft Strong Cryptographic Provider" "<container>"

# delete all VS_KEY_* containers (PowerShell)
certutil -csp "Microsoft Strong Cryptographic Provider" -key | Select-String -Pattern "VS_KEY" | %{ $_.ToString().Trim()} | %{ certutil -delkey -csp "Microsoft Strong Cryptographic Provider" $_}
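
A batch-build wrapper built from the commands above, as an added example that is not part of the SnInstallPfx project: it installs the key, checks that a new VS_KEY_* container appeared, and deletes that container after the build so the private key does not remain on the build agent. The PFX_PASSWORD variable, the file paths, the msbuild command line and the exit-code check on SnInstallPfx.exe are assumptions.

```powershell
# Added example, not part of SnInstallPfx. Assumptions: the PFX_PASSWORD
# variable, both paths, the msbuild command line, and that SnInstallPfx.exe
# returns a nonzero exit code on failure.
$csp  = 'Microsoft Strong Cryptographic Provider'
$pfx  = '.\my.pfx'
$tool = '.\SnInstallPfx.exe'

function Get-VsKeyContainer {
    # Same filter as the "delete all VS_KEY_* containers" command above.
    certutil -csp $csp -key |
        Select-String -Pattern 'VS_KEY' |
        ForEach-Object { $_.ToString().Trim() }
}

# The password is a command-line argument of SnInstallPfx.exe, so take it from
# an environment variable set by the build system, not from the script text.
$password = $env:PFX_PASSWORD
if (-not $password) { throw 'PFX_PASSWORD is not set' }

$before = @(Get-VsKeyContainer)

& $tool $pfx $password
if ($LASTEXITCODE -ne 0) { throw "SnInstallPfx.exe failed with exit code $LASTEXITCODE" }

# Containers that exist now but did not exist before the install.
$added = @(Get-VsKeyContainer | Where-Object { $before -notcontains $_ })
if ($added.Count -eq 0) {
    Write-Warning 'No new VS_KEY_* container found; the key may already have been installed.'
}

try {
    & msbuild .\My.sln /p:Configuration=Release
    if ($LASTEXITCODE -ne 0) { throw "msbuild failed with exit code $LASTEXITCODE" }
}
finally {
    # Remove only the containers this run created, so the private key does
    # not stay on the build agent after the build.
    foreach ($name in $added) {
        certutil -delkey -csp $csp $name | Out-Null
    }
}
```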
