none
.pfx file password question. RRS feed

  • Question

  • When I use .pfx files in my Visual Studio projects, during build time, I get a pop up a GUI dialog that asks for the password.

    This is causing problems with our automated build system that uses msbuild to automatically build all of our Visual Studio projects.

    Where is this password stored? It's not stored in the project file or solution file. How can I properly store the necessary password in a source control system?
    Wednesday, March 5, 2008 10:26 PM

Answers

  • Evaristo9,

     

    Based on your post, you have signed the assembly with Personal Information Exchange (pfx file). Except the pfx signing with the password, you can also use snk to sign the strong name assemblies. The article How to: Sign an Assembly (Visual Studio) can help you with understanding the assembly signing issue.

     

    In "Signing" tab of project Properties, when you click "Sign the assembly" and "Choose a strong name key file -> New", you can store the pfx file by adding the key file name and the password. In Solution Explorer, you can see the filename.pfx that store the private keys with the encrypt password information. You can get the file and store the file to other most secure place.

     

    As the article Using Strong Name Signatures mentions: While password-protecting your key files is a much better solution than storing them in the clear, it is still not ideal. You would still have to distribute the PFX file to all of your developers, and they would all have to know the password for the PFX file. Secrets that are widely shared like this do not tend to stay secret for very long. Ideally, you should not have to distribute the private key to build and test your code during development.

     

    The article ClickOnce Manifest Signing and Strong-Name Assembly Signing Using Visual Studio Project Designer's Signing Page can help you with the signed assembly deployment issue.

     

    In addition, I would like to provide you the article refers on further: PKCS #12 File Types: Portable Protected Keys in .NET

     

    Hope that can help you.

    Friday, March 7, 2008 7:44 AM