Exporting your Code Signing Certificate to a PFX File (From Firefox)

October 19th, 2009

** IMPORTANT NOTE : You can only export your certificate *AFTER* Comodo (or whoever you purchased it from) issues it.

So you’ve purchased a code signing certificate from our store? Great! If you used Firefox to place the order then you’ll now need to export your certificate from the certificate store into a PFX file that you can use with the utilities that perform the code signing. This blog post will walk you through doing that.

If you ordered using Internet Explorer, see the post about exporting with Internet Explorer instead.

Though these screen shots are from Windows XP the process is the same on Windows Vista and Windows 7.

To export a stored code signing certificate from Firefox to a PFX file, follow these steps :

Open Firefox, click the Tools menu, then Options, then the Advanced button (far right, top) :

Step 1


Click the View Certificates button :


Step 2


Select your certificate and click the Backup button :


Step 3


Firefox requires a password for the PFX file.

Type in any password you like but REMEMBER WHAT YOU ENTER!

Click OK and that’s it! Firefox will ask you where you want to save the PFX file – save it anywhere. The file is portable and can now be copied to any computer.

Additional Note : Firefox might save the file with a .p12 extension – that’s OK! Just rename the file to .pfx and you can use it with any of the code signing tools.



Exporting your Code Signing Certificate to a PFX File (From Internet Explorer)

October 13th, 2009

** IMPORTANT NOTE : You can only export your certificate *AFTER* Comodo (or whoever you purchased it from) issues it.

So you’ve purchased a code signing certificate from our store? Great! If you used a new(er) version of Internet Explorer then you’ll now need to export your certificate from the certificate store into a PFX file that you can use with the utilities that perform the code signing. This blog post will walk you through doing that.

Though these screen shots are from Windows XP the process is the same on Windows Vista.

To export a stored code signing certificate to a PFX file, follow these steps :

Open Control Panel, click Internet Options.

Step 1


Click the Content tab. Click the Certificates button.

Export To PFX Step 2


Select the Personal tab, then click the certificate you would like to export.

Comodo certificates will be “Issued By” UTN-USERFirst-Object like in the above screen shot.

Step 3


Click the Next button

Step 4


Click the option “Yes, export the private key”. Click the Next button.

Step 5


Select the option Personal Information Exchange. Check the first two boxes and optionally the third box. Click the Next button.

** Windows Vista Users : You may not have the “Enable Strong Encryption” option – that is OK! Check the “Export all extended properties” option.

Step 6


Optionally password protect the private key. Click the Next button.

While password protecting the key does provide a great deal of security (only those with the password can code sign), you MUST remember the password – it cannot be recovered.

The only thing left to do after step 6 is to choose where to save the PFX file and click Finish!
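Whether the PFX came from Firefox or from Internet Explorer, it is worth confirming that the file really contains the private key and a code signing certificate before you copy it anywhere. The script below is an added example, not part of the original posts; the file path is a placeholder and it only uses the standard .NET X509Certificate2 class :

```powershell
# Added example: sanity-check an exported PFX before using it with a signing tool.
# Placeholder path (an assumption); point it at the file you saved.
$pfxPath = 'C:\path\to\exported-certificate.pfx'

# Ask for the export password without echoing it to the console.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Load the PFX with the .NET X509Certificate2 class. This throws if the
# password is wrong or the file is not a valid PKCS#12 container.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $password

# Collect the Enhanced Key Usage OIDs. Code signing is 1.3.6.1.5.5.7.3.3.
$ekuOids = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }

# Summarise what was actually exported.
[pscustomobject]@{
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    Thumbprint     = $cert.Thumbprint
    NotAfter       = $cert.NotAfter
    HasPrivateKey  = $cert.HasPrivateKey
    CodeSigningEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.3')
} | Format-List

# Flag the problems that would stop a signing tool from working.
if (-not $cert.HasPrivateKey) {
    Write-Warning 'No private key in this file: it cannot be used to sign. Re-export with the private key included.'
}
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.3') {
    Write-Warning 'Certificate does not list the Code Signing usage.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)."
}
```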

What is encryption and should you use it?

August 24th, 2009

While we should all be careful when referencing Wikipedia (the information there is often inaccurate), the definition of encryption is pretty good :

From http://en.wikipedia.org/wiki/Encryption

…encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key

A simple example?

A very simple example is something called a substitution cipher. With a substitution cipher the encrypting party defines a key that tells the receiving party what the symbols translate into (the symbols can be letters, numbers or just shapes). As an example let’s take the entire English alphabet and number every letter from 1 to 26 – “A” is 1, “B” is 2, and so on. With this substitution cipher we would write “hello” as “8 5 12 12 15”. Obviously a substitution cipher like that is very easy to break but it does illustrate a basic type of encryption.

What about modern encryption?

Modern encryption algorithms are exceptionally complex. The industry standard for encryption is now AES (Advanced Encryption Standard) and is in use all over the world. While no encryption is truly uncrackable, AES encryption is considered “strong” encryption and is virtually impossible to crack using any known method. Again, Wikipedia offers an accurate description of AES encryption at http://en.wikipedia.org/wiki/Advanced_Encryption_Standard if you’re interested (beware, it’s a bit eye-crossing!).

Should you use encryption?

YES! Though it might sound like you need a PhD in mathematics to use encryption effectively, you don’t. There are hundreds of encryption programs available that perform various functions from drive encryption to file or email encryption. If you’re looking for an easy-to-use encryption program that offers strong encryption, look no further. K Software recently released RightClickEncrypt and we think it is one of the easiest encryption programs on the market.

RightClickEncrypt implements the AES encryption algorithm mentioned above for very high security so you’re not sacrificing security for ease of use. It integrates into Windows explorer so you only need to right-click on the files or folders you want to encrypt to make it work. It gathers, compresses (shrinks) and encrypts any files or folders you select into a single .EXE file that you can then copy to CD/DVD/flash drive or upload to a website for off-site backup purposes. You don’t have to have RightClickEncrypt installed to decrypt the files – all you have to do is double-click the .EXE file, type in the password and tell RCE where to put the decrypted files.

Since a picture is worth 1000 words :

RightClickEncrypt Screenshot


RightClickEncrypt is offered as try-before-you-buy software so you can test it before purchasing. RightClickEncrypt is available right now for $9.99 at http://www.rightclickencrypt.com

What is Authenticode (Code Signing)?

July 27th, 2009

Authenticode™ is a technology developed by Microsoft that, according to them :

While not guaranteeing bug-free code, Authenticode identifies the publisher of signed software and verifies that it hasn’t been tampered with, before users download software to their PCs - technet.microsoft.com/en-us/library/cc750035.aspx

Authenticode is commonly referred to as Code Signing because a “digital signature” is attached to .EXE and other files that is used to determine if the file has been modified since being “signed” by the publisher.

The way most users have run across Authenticode is likely by downloading a piece of software and seeing a rather nasty “Unknown Publisher” warning from the web browser (or Windows). Does this look familiar to anyone?

Example of an unknown publisher warning in Internet Explorer

That is an example of an Unknown Publisher download warning in Windows Vista.

Now an example of the same warning, but for a file that has been digitally signed (by K Software) :

An example of a known publisher - valid code signing certificate used

If you click on the linked K Software text you can see the details of the certificate :

Example of a certificate details page

Note the “This Digital Signature is OK” message. If you don’t see that on the certificate details page then you should not run the file, as it has been modified since the publisher signed it (it could have a virus or contain some other sort of malware).
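The same check can be done from a PowerShell prompt with the built-in Get-AuthenticodeSignature cmdlet, which is handy when you want to check a file before running it or check many files at once. This is an added example, not part of the original post, and the file path is a placeholder :

```powershell
# Added example: check a downloaded file's Authenticode signature.
# Placeholder path (an assumption); point it at the file you downloaded.
$file = 'C:\path\to\downloaded-installer.exe'

$sig = Get-AuthenticodeSignature -FilePath $file

switch ($sig.Status) {
    'Valid' {
        # Equivalent to "This Digital Signature is OK" in the details dialog.
        Write-Output "Signature OK. Publisher: $($sig.SignerCertificate.Subject)"
        Write-Output "Issued by: $($sig.SignerCertificate.Issuer)"
        if ($sig.TimeStamperCertificate) {
            Write-Output 'Signature is timestamped.'
        }
    }
    'HashMismatch' {
        # The file contents no longer match what the publisher signed.
        Write-Warning 'File has been modified since it was signed. Do not run it.'
    }
    'NotSigned' {
        # This is the case that produces the "Unknown Publisher" warning.
        Write-Warning 'File carries no digital signature (unknown publisher).'
    }
    default {
        # Untrusted issuer, expired or revoked certificate, and so on.
        Write-Warning "Signature not valid: $($sig.Status) - $($sig.StatusMessage)"
    }
}
```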

What Authenticode is Not

Authenticode (Code Signing) is not a guarantee that the software that has been digitally signed is bug free or even virus/malware free. All a digital signature says is “this file has not been modified since it was signed by the publisher”. Having said that it is worth noting that obtaining a code signing certificate is not free and that companies or individuals that apply for a code signing certificate do have to pay a fee and do have to prove their identity to the company that issues the certificate.

Comodo Code Signing Certificate Partner

K Software is an authorized Comodo reseller and offers Comodo Code Signing Certificates at a significant discount.