Generate the Authenticode Key | Utimaco Integration Guides

To generate the Authenticode Key, follow the below steps:

1. Create a PowerShell script file with name Generate_AuthenticodeKey.ps1 at appropriate location and add the following content into the script file.

`Generate_AuthenticodeKey.ps1`
`#Define Utimaco Provider` `$UtimacoProviderName = "Utimaco CryptoServer Key Storage Provider"` `#Define Algorithm` `$AlgorithmName = "RSA"` `#Define Key Size` `$KeySize = 2048` `# Provide the Key Name` `$KeyName = "Authenticode_TestKey"` `$KeyParams = New-Object` `System.Security.Cryptography.CngKeyCreationParameters` `$KeyParams.provider = New-Object` `System.Security.Cryptography.CngProvider($UtimacoProviderName)` `$KeyParams.KeyCreationOptions =` `[System.Security.Cryptography.CngKeyCreationOptions]::OverwriteExistingKe y` `$keySizeProperty = New-Object` `System.Security.Cryptography.CngProperty("Length",[System.BitConverter]::` `GetBytes($KeySize),` `[System.Security.Cryptography.CngPropertyOptions]::None);` `$KeyParams.Parameters.Add($keySizeProperty)` `$Algorithm = New-Object` `System.Security.Cryptography.CngAlgorithm($AlgorithmName)` `$Key = [System.Security.Cryptography.CngKey]::Create($Algorithm, $KeyName, $KeyParams)`

Generate_AuthenticodeKey.ps1

#Define Utimaco Provider

$UtimacoProviderName = "Utimaco CryptoServer Key Storage Provider"

#Define Algorithm

$AlgorithmName = "RSA"

#Define Key Size

$KeySize = 2048

# Provide the Key Name

$KeyName = "Authenticode_TestKey"

$KeyParams = New-Object

System.Security.Cryptography.CngKeyCreationParameters

$KeyParams.provider = New-Object

System.Security.Cryptography.CngProvider($UtimacoProviderName)

$KeyParams.KeyCreationOptions =

[System.Security.Cryptography.CngKeyCreationOptions]::OverwriteExistingKe y

$keySizeProperty = New-Object

System.Security.Cryptography.CngProperty("Length",[System.BitConverter]::

GetBytes($KeySize),

[System.Security.Cryptography.CngPropertyOptions]::None);

$KeyParams.Parameters.Add($keySizeProperty)

$Algorithm = New-Object

System.Security.Cryptography.CngAlgorithm($AlgorithmName)

$Key = [System.Security.Cryptography.CngKey]::Create($Algorithm, $KeyName, $KeyParams)

Launch PowerShell as Administrator, and run Generate_AuthenticodeKey.ps1.

›_ PowerShell

> .\Generate_AuthenticodeKey.ps1

If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.

The generated keys will be protected by the HSM and can be verified using below command

`›_ Console`
`>cngtool ListKeys` `------------------------------------------------------------` `Provider : Utimaco CryptoServer Key Storage Provider` `Device : 10.44.223.141` `Group : CNG` `Mode : Internal Key Storage` `------------------------------------------------------------` `Index AlgId Size Group Name Spec` `------------------------------------------------------------` `1 RSA 2048 CNG Authenticode_TestKey 0`

›_ Console

>cngtool ListKeys

------------------------------------------------------------

Provider : Utimaco CryptoServer Key Storage Provider

Device : 10.44.223.141

Group : CNG

Mode : Internal Key Storage

------------------------------------------------------------

Index AlgId Size Group Name Spec

------------------------------------------------------------

1 RSA 2048 CNG Authenticode_TestKey 0

If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.