Convert the Java JKS key-store to Microsoft PFX format

Copyright © 2004, 2005 TJ

The GNU General Public License version 2 or later applies to my ExportPrvKey.class. See http://www.gnu.org/licenses/gpl.html

Here's how to get and use a code-signing Thawte digital certificate to sign your Java JAR and Microsoft CAB, EXE, DLL, VBscript, etc. code, to create trusted applets for downloading over the Internet, and to convert the Java JKS key-store to P12/Microsoft PFX (Personal Information Exchange) format to share the same certificate with Java JAR files and Microsoft CAB files.

This allows software authors to increase the range of activities the Java Security Manager will permit.

Contents

• Overview
• Download and Install Tools
• Personal Freemail account at Thawte
• Request a Free Test Certificate
• Create a New Java Key/Certificate Pair
• Generate a Certificate Signing Request
• Import Thawte Certificate to Sun Java JKS Key-store
• Convert Sun Java JKS Keystore to Microsoft PFX format
• Import Key & Certificate to Microsoft Key-store
• Sign a Java JAR File
• Sign a Microsoft CAB file
• Observations

Sign a Microsoft CAB file

I'm assuming you've already created the CAB file using the Microsoft cabarc.exe tool. It goes something like this:

cabarc.exe -p n jsEvents.cab irc\plugin\net\tjworld\jsEvents\*.class

Now run the signcode.exe tool; if you run it without command line arguments it will start the Digital Signature Wizard.

signcode.exe

Choose the file you want to sign, then press the Next button.

Choose your signing options; Typical is recommended. Press the Next button.

Choose your signing key by pressing the Select from Store... button.

If you're happy with the summary, press the Next button.

Type in a useful description and web link for your software, then press the Next button.

Choose if you want to timestamp the code. The URL for Thawte is http://timestamp.verisign.com/scripts/timstamp.dll. Press the Next button.

Check the summary, then press the Finish button.

If everything was okay, you'll see the success message.

If you have any comments or simply find this guide a useful time-saver I'd welcome hearing from you. You can email me at codesigning@tjworld.net.

© Copyright 2004, 2005 TJ. You are welcome to link directly to this article and make a non-public personal copy (not redistributed or republished). The article must remain in XHTML form (mustn't be converted to proprietary formats such as PDF or DOC). If you would like to include it in a commercial service (e.g. a subscription or advertiser-supported web site) please ask.