Tuesday, 9 December 2008

Signing Adobe AIR files with Authenticode Certificates

There are some things that always seem a little trickier than they should be. Renting an apartment in London that has working heating and hot water is one of them, converting an Authenticode certificate from SPC and PVK files to a format that you can sign Adobe AIR files with is another.

Since I still haven't figured out the former, I'm going to write about the latter.

First things first, if you're going to get a certificate solely for signing AIR files, then buy one from Verisign or Thawte specifically for AIR. It's just easier.

If, however, you want to use your certificate to sign .NET applications as well, then get a Microsoft Authenticode certificate. You can use that certificate to sign AIR apps and well as .NET apps. We got our Authenticode certificate from Verisign, but there are other vendors. If this is what works for you, then the following might be helpful. If you have haven't already done so, go away and buy the certificate now - I'll see you again when you have downloaded a PVK file and an SPC file.

So, let's skip forward a few days. You've got your PVK file (the private key), and the SPC file. You're probably wondering how to turn those files in to a PFX file that you can use with ADT to sign files. Hopefully, these steps should help. Oh, I'm assuming that you're using a PC here...

Firstly, you need to ask yourself two questions:

  1. Do you feel lucky?

  2. Can you find a tool called pvk2pfx on your machine. This is a pain to get hold of, but lives in bin directory of most Microsoft SDKs.

If you're lucky AND you can find pvk2pfx, then skip forward a little. If you can't find it, then read on.


I don't have pvk2pfx, I need something else


Worry not, this is still completely possible...

  1. Get a tool called pvkimprt. You can download it from Microsoft. Run the self extracting whatsit, then run the installer, and make a note of its final resting place.

  2. Open up a commmand prompt (Start, Run, "cmd").

  3. Change to the directory where pvkimprt ended up.

  4. Run:
    pvkimprt -PFX <path\to\cert.spc> <path\to\key.pvk>

  5. Choose the following options:

    Choose to export the private key...

    Choose the PFX format, choosing to include certificate chain and use strong protection.

    Choose a password...

    Select a location to save the pfx file

    This is what success looks like...

  6. You can use the resulting pfx file to sign an Adobe AIR file with adt.


You're done! You might want to ignore the rest of this post, it will make you wish you were luckier. Any questions/mistakes/omissions, feel free to ask...

I'm lucky, I have pvk2pfx

This is much easier. Simply:

  1. Open up a commmand prompt (Start, Run, "cmd")

  2. Change to directory where you found pvk2pfx.

  3. Run:
    pvk2pfx -pvk <path\to\key.pvk> -pi <pvk password> -spc <path\to\cert.spc> -pfx <path\to\output.pfx> -po <new password for pfx file> (all on one line)

  4. You can use the resulting pfx file to sign an Adobe AIR file with adt.



I hope that was helpful!

Thursday, 4 December 2008

The Anatomy of a Seriously Sophisticated AIR Application

As promised, I've uploaded the slides that Rick Williams and I presented at Adobe MAX Milan on December 2nd 2008. Enjoy!

Tuesday, 2 December 2008

Thanks to all those who came to see us talk...

Just a quick note to say thanks to all the folks that came to see Rick and I present "The Anatomy of a Sophisticated Air Application" at Adobe MAX in Milan. It was also great to speak to so many people who loved Fiat eco:Drive.

We will the get the slides up ASAP. Over the next few weeks, I'll blog about some of the topics we covered in a bit more detail - leave a comment if there is something specific you would like to know about.

Thanks!