We got our new certificate (*.cer) file from Thawte, and I went through our standard procedures to allow it for use with code signing.
If I use our old (working) certificate:
Convert certificate (.cer) into Software Publishing Certificate (.spc):
>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded
Combine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f
prompts for the private key file password; enter it, click OK
And we're good to go; ready to use signtool.
We now have our new certificate, and I follow the same procedure:
Convert certificate (.cer) into Software Publishing Certificate (.spc):
>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded
Combine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f
prompts for the private key file password; enter it, click OK
ERROR: Cannot find certificates that match the key. (Error Code = 0x80070490).
What's going wrong?
Notes:
- we've used the same private key file (*.pvk) for a decade
- this year Thawte gave us a 2-year certificate, rather than the usual 1-year
- this year Thawte changed their signing certificate from "Thawte Code Signing CA" to "Thawte Code Signing CA - G2"
- Google says that nobody has ever gotten the error "Cannot find certificates to match the key."
- The Windows SDK only contains two references to the error code 0x80070490:
  - the Visual Foxpro for Windows header file (vfwmsgs.h):
    // MessageId: E_PROP_ID_UNSUPPORTED
    // MessageText:
    // The specified property ID is not supported for the specified property set.%0
    #define E_PROP_ID_UNSUPPORTED ((HRESULT)0x80070490L)
    Which is almost certainly a red herring; Foxpro?
  - commented-out code in the RSS screensaver sample (RssItem.cs):
    // "Element not found. (Exception from HRESULT: 0x80070490)"
    Also almost certainly a red herring; XML?
- the decimal version of 0x80070490 is -2147023728
Turns out that this year we were given a new private key.
Well, you're not given a private key; the certificate+key is fetched through the browser and stored in a certificate store. From there we can export a .PFX (a pfx contains a certificate and a private key). With this PFX exported from the browser's certificate store, we can use it directly to sign code with signtool.
Note: We were actually gluttons for punishment, and went through steps:
But all that route gave us was a private key file (*.pvk) that wasn't protected with a password, so signtool could run without user interaction.
But the answer to this question was: The private key doesn't match the certificate.
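The root cause above (pvk2pfx refusing to pair a certificate with a private key whose public half differs) can be checked before touching the SDK tools. The following is an added example, not part of the question or answer, and it uses the openssl command line, which the posts do not mention; it assumes openssl is installed. It compares the SubjectPublicKeyInfo that a certificate carries with the public key derived from a private key, so a mismatch is visible with no password prompts or PFX round trips. The demo builds its own throwaway key pair and self-signed certificate (constructed data, not the Avatar files from the question).

```shell
#!/bin/sh
# Added example: does this private key belong to this certificate?
# Assumes the openssl CLI is available; all files are generated here.
set -e

# keypair_matches KEY.pem CERT.pem
# Exit status 0 when the public key in CERT equals the public key
# derived from KEY, 1 otherwise. Both sides are normalised to DER
# SubjectPublicKeyInfo and hashed, so RSA and EC keys work alike.
keypair_matches() {
  key_pub=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
            | openssl dgst -sha256 | awk '{print $NF}')
  cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null \
            | openssl pkey -pubin -outform DER 2>/dev/null \
            | openssl dgst -sha256 | awk '{print $NF}')
  # An unreadable key yields an empty hash; treat that as "no match".
  [ -n "$key_pub" ] && [ -n "$cert_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# run_demo: build key A with a self-signed certificate for it, plus an
# unrelated key B (the situation in the question: a cert issued for a
# fresh key, tested against the decade-old key file). Prints
# "<keyA result> <keyB result>", expected "match mismatch".
run_demo() {
  work=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=constructed example" \
      -keyout "$work/keyA.pem" -out "$work/certA.pem" >/dev/null 2>&1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$work/keyB.pem" >/dev/null 2>&1
  if keypair_matches "$work/keyA.pem" "$work/certA.pem"; then a=match; else a=mismatch; fi
  if keypair_matches "$work/keyB.pem" "$work/certA.pem"; then b=match; else b=mismatch; fi
  rm -rf "$work"
  echo "$a $b"
}

run_demo
```

For the files in the question, openssl can read the DER certificate with `openssl x509 -inform DER -in Avatar.cer` and the key with `openssl rsa -inform PVK -in Avatar.pvk` (it prompts for the PVK password); convert both to PEM first and then run `keypair_matches` on them. A "mismatch" here is exactly what pvk2pfx reports as "Cannot find certificates that match the key".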