Cannot import the keyfile 'blah.pfx' - error 'The keyfile may be password protected'

I was running into this problem as well. I was able to resolve the issue by running
sn -i <KeyFile> <ContainerName> (installs key pair into a named container).

sn is usually installed as part of a Windows SDK. For example C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\sn.exe. Most likely this location is not on the search path for your standard environment. However, the "Developer Command Prompt" installed by Visual Studio adds additional information that usually includes the correct location.

Based on your post that would look like

sn -i companyname.pfx VS_KEY_3E185446540E7F7A

This must be run from the location of your PFX file, if you have the solution loaded in VS 2010 you can simply right click on the pfx file from the solution explorer and choose Open Command Prompt which will launch the .net 2010 cmd prompt tool in the correct directory.

Before running this sn command I did re-install the pfx by right clicking on it and choosing install however that did not work. Just something to note as it might be the combination of both that provided the solution.

Hope this helps solve your problem.


I've discovered a fix that helps you be able to build successfully in a multi developer environment:

Instead of changing the password (which causes the .pfx to be changed), reselect the .pfx file from the combobox. This then invokes the password dialog. After entering the password, the project will build OK. Every dev can do this on his local machine without actually modifying the .pfx file.

I'm still having problems getting assemblies to be signed on our build server machine. I'm getting the same error there, however using the sn.exe -i method does not fix the problem for the buildserver.


I had the same issue and deleting the store and reading didn't work. I had to do the following.

  • Get a copy of OpenSSL. It is available for Windows. Or use a Linux box as they all pretty much all have it.

  • Run the following to export to a key file:

    openssl pkcs12 -in certfile.pfx -out backupcertfile.key
    
    openssl pkcs12 -export -out certfiletosignwith.pfx -keysig -in backupcertfile.key
    

Then in the project properties you can use the PFX file.