air Code signing with Usb token

Report · May 19, 2017

Hello.

It seems since february 2017, Certificate Authorities deliver certificates as usb token.

I got a GlobalSign code signing certificate, which is stored on such device, using safeNet.

The problem is that the only thing i can get from it is a .cer

The private key is unaccessible and the usb token is not visible under windows explorer.

Since FlashBuilder seems to require a .pfx or .p12 for build, i don't know what to do.

I try looking into adt, but it seems it require the same files.

Any help is welcome.

Thanks.

p.s. I'm working with FlashBuilder 4.6, mainly developping flex/air desktop and mobile apps

Report · May 23, 2017

Hi,

It can be done via command line / terminal. In the case of windows (I don't have this setup on a mac):

Install / Import the cert via Internet options in the control panel: Content > Certificates > Import (You may get lucky and already have the certificate installed)
Make a note of the "Issued to:" field this will be your alias
Make sure you have the key inserted and drivers installed
In Flash Builder: Export Build Release selecting the "Intermediate AIRI package that must be manually signed later" option
Open up the command prompt
Enter the following replacing YOURALIAS, YOURPASSWORD and file paths with the appropriate items:
adt -sign -tsa http://timestamp.digicert.com/ -storetype Windows-MY -alias "YOURALIAS" -storepass YOURPASSWORD -keypass YOURPASSWORD "path/to/file.airi" "path/to/file.air"
I have no idea which one is needed out of -storepass & -keypass (if any)
This should then open a window titled "Token Logon"
Enter your "Token Password" and click "OK"
adt should then get busy signing your app

Notes

You'll need to make sure that you have adt and java in your environment variables
This may not make any difference, but I'm also using the 32bit version of the JDK
The store type Windows-MY has only been supported since JDK v1.6 so make sure thats updated
My installed flex SDK is: apache flex 4.16.0 sdk with air v23

Hope this helps you out!

Report · May 31, 2017

Thanks. this works.

Report · Aug 17, 2017

I am having trouble getting this to work. I have the same scenario as above. Unfortunately the alias instructions do not work for me since I have legacy certificates that have the same "Issued to:" field. The command is using last years certificate and telling me my certificate is expired. It is not using the new e-token on the usb.

The certificate is from the same provider so using -providerName does not appear to work..

Any help is welcome - I am spinning my wheels on this one.

Update:

Figured it out. I deleted all the old certificates that were in the Internet Explorer browser and it defaulted to the latest certificate.

Sorry for the noise

Report · Sep 13, 2017

Been fighting with this all day. GlobalSign is trying to help, but they can't even figure it out. Any help Adobe? Also, there's mention of using the 32 bit version of Java, but as far as I can tell, that's not available for Mac?

This is essentially what GlobalSign has told us, but I just get an error "requested provider is not available"

adt -migrate -tsa http://timestamp.globalsign.com/scripts/timestamp.dll <http://timestamp.globalsign.com/scripts/timestamp.dll> -storetype PKCS11 -alias "le-4859d290-7d91-4f3d-8987-b7224058c5c7" -providerName SunPKCS11-eToken signed.air resigned.air

Report · Oct 02, 2017

I am having the same issue. It would be great if this could be resolved.

Report · Jan 11, 2018

More information about sign with eToken - EV Code Signing Certificates for Adobe AIR®

On Windows I installed SafeNet soft and eToken appeared in Certificate manager as common certificate.

Then I used adt with -storetype 'Windows-MY' and -alias with certificate name.

On mac there is no luck yet.

Report · Mar 01, 2018

Hello.

Thank you so much for the nice support. It works smoothly when we need as output a file.air What should we do in case we need a file.exe output? Every help will be greatly appreciated.

Report · May 29, 2019

I'm migrating a flash based game into Adobe Air getting ready for Flash end of life. I'm having issues packing the native installer on Mac. On PC it's working using the following...

adt -package -tsa http://timestamp.digicert.com/ -storetype Windows-MY -alias "My Company Name" -storepass myPassword -keypass myPassword -target native gameName.exe game-app.xml game.swf assets

(this worked based on spadged 's answer)

I'm trying to get the same approach working on the Mac with no luck. I tried...

adt -package -tsa http://timestamp.digicert.com/ -storetype KeychainStore -alias "My Company Name" -providerName Apple -storepass myPassword -keypass myPassword -target native gameName.exe game-app.xml game.swf assets

error....
KeychainStore Ignored Exception: java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed.

I've also tried this...

adt -package -tsa http://timestamp.digicert.com/ -storetype pkcs11 -providerName SunPKCS11-eToken -alias "My Company Name" -storepass myPassword -keypass myPassword -target native gameName.exe game-app.xml game.swf assets

error:
requested provider is not available

Adobe Community

air Code signing with Usb token

1 Correct answer