Knowledgebase: Code Signing
Visual Studio 2005 error 'Cannot find the certificate and private key for decryption'
Assembly Signing Using Visual Studio Project Designer's|
Problem : The .pfx file cannot include certificate chaining information. (If the .pfx file does include this information, the following import error will occur: "Cannot find the certificate and private key for decryption.")
Resolution : The most common problem arises when using a .pfx file that contains chaining information. You can remove chaining information from the key file by running the Certificate Manager snap-in (Certmgr.msc), importing the pfx file into the personal certificate store, and then exporting it without including the certificate chain information. You can accomplish this by doing the following:
1. On the Start menu, click Run, type mmc, and then click OK. The Console1 dialog box appears.
2. On the File menu, click Add/Remove Snap-in. The Add/Remove Snap-in dialog box appears.
3. Click Add. The Add Standalone Snap-in dialog box appears.
4. Click Certificates, and then click Add. The Certificates snap-in dialog box appears.
5. Select My User account, click Finish, click Close, and then click OK to close the dialog boxes.
6. Expand Certificates - Current User, expand Personal and then expand Certificates.
7. Right click on the Certificates node and from the context menu select All Tasks and Import.
8. The Certificate Import Wizard appears; click Next.
9. At the File to Import step, browse and select the .pfx file and then click Next.
10. Enter private key password information, check the option to mark this key as exportable, and then click Next.
11. At the Certificate Store step, go with the defaults to place into the Personal Certificate store, click Next, and then click Finish.
12. The certificate is now imported and ready for export. Select and right click on this certificate and, from the context menu, select All Tasks and Export.
13. The Certificate Export Wizard dialog appears; click Next.
14. At the Export Private Key step, select the option Yes to export the private key and then click Next.
15. At the Export File Format step, make sure the option to include all certificates in the certificate path is unchecked and click Next.
16. At the Password step, enter desired password information and click Next.
17. At the File to Export step, specify the file name, click Next, and then click Finish.
18. This should display the export was successful dialog; click OK.
For more information please see the Microsoft Article