Re: retrieving certificate's public key

From: AAA (aminrozie_at_yahoo.com)
Date: 09/09/03

Date: Tue, 9 Sep 2003 08:49:05 +0800

I'm having something similar too. I have an enterprise CA using MS Cert
Server setup. Do all the users receiving the certificates from this server
have the same public key? If so, how do I retrieve the public key from the
certificate and use that key to encrypt files? Also, how do I publish the
public key of each one of the users?

AAA
"Sergio Dutra [MS]" <sergiod@online.microsoft.com> wrote in message
news:O4i2G3WcDHA.1532@TK2MSFTNGP10.phx.gbl...
> The certificate's public key is in the certificate itself:
> PCCERT_CONTEXT->pCertInfo->SubjectPublicKeyInfo.
> If you actually want to get the private key, then you need to call
> CryptAcquireCertificatePrivateKey, which will work if the certificate
> already has the required KEY_PROV_INFO property.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples is subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
> "Bertrand" <balberola@amadeus.net> wrote in message
> news:0f2d01c36bf1$3edf2e50$a501280a@phx.gbl...
> > how should I use the crypto API to retrieve the public key
> > of a local machine certificate? I always get an NTE_BAD_KEY
> > error with the code below.
> > Can somebody help? I'm going crazy...
> >
> >
> > bool ServerCertificate_Manager::getCertPublicKey(long *lerrorcode,
> >     PCCERT_CONTEXT pcertcontxt, HCRYPTKEY *hkey, bool islocal)
> > {
> >     HCRYPTPROV hProvider = 0;
> >     CRYPT_KEY_PROV_INFO *KeyProvInfo;
> >     DWORD cbLen;
> >     char *ContainerName;
> >     char *ProvName;
> >
> >     // Retrieve the provider context associated with the
> >     // certificate's key container.
> >     // The first call retrieves the size to allocate for KeyProvInfo;
> >     // after allocating that size, the second call fills in the value.
> >     if (!CertGetCertificateContextProperty(pcertcontxt,
> >                                            CERT_KEY_PROV_INFO_PROP_ID,
> >                                            NULL, &cbLen))
> >     {
> >         *lerrorcode = ERROR_SCM_GETCERT_CONTXTPROP;
> >         return false;
> >     }
> >
> >     KeyProvInfo = (CRYPT_KEY_PROV_INFO *)malloc(cbLen);
> >     if (KeyProvInfo == NULL)
> >     {
> >         *lerrorcode = ERROR_SCM_BUFFER_REALLOC;
> >         return false;
> >     }
> >
> >     if (!CertGetCertificateContextProperty(pcertcontxt,
> >                                            CERT_KEY_PROV_INFO_PROP_ID,
> >                                            KeyProvInfo, &cbLen))
> >     {
> >         *lerrorcode = ERROR_SCM_GETCERT_CONTXTPROP;
> >         free(KeyProvInfo);
> >         return false;
> >     }
> >
> >     // Convert the wide-character container name to ANSI for CryptAcquireContextA
> >     cbLen = wcstombs(NULL, KeyProvInfo->pwszContainerName, 200);
> >     cbLen++; // Space for ending zero
> >     ContainerName = (char*)malloc(cbLen);
> >     if (ContainerName == NULL)
> >     {
> >         *lerrorcode = ERROR_SCM_BUFFER_REALLOC;
> >         free(KeyProvInfo);
> >         return false;
> >     }
> >     wcstombs(ContainerName, KeyProvInfo->pwszContainerName, cbLen);
> >
> >     if (KeyProvInfo->pwszProvName == NULL)
> >     {
> >         ProvName = NULL; // NULL selects the default provider for dwProvType
> >     }
> >     else
> >     {
> >         cbLen = wcstombs(NULL, KeyProvInfo->pwszProvName, 200);
> >         cbLen++; // Space for ending zero
> >         ProvName = (char*)malloc(cbLen);
> >         if (ProvName == NULL)
> >         {
> >             *lerrorcode = ERROR_SCM_BUFFER_REALLOC;
> >             free(KeyProvInfo);
> >             free(ContainerName);
> >             return false;
> >         }
> >         wcstombs(ProvName, KeyProvInfo->pwszProvName, cbLen);
> >     }
> >
> >     DWORD localflag = 0;
> >     if (islocal)
> >         localflag = CRYPT_MACHINE_KEYSET;
> >
> >     // Acquire the retrieved context
> >     if (!CryptAcquireContext(&hProvider, ContainerName, ProvName,
> >                              KeyProvInfo->dwProvType, localflag))
> >     {
> >         DWORD err = GetLastError();
> >         if (NTE_BAD_KEYSET == err)
> >         {
> >             // The container does not exist yet: create it (CRYPT_NEWKEYSET
> >             // creates an empty container, so no key pair will be in it)
> >             if (!CryptAcquireContext(&hProvider, ContainerName, ProvName,
> >                                      KeyProvInfo->dwProvType,
> >                                      CRYPT_NEWKEYSET | localflag))
> >             {
> >                 *lerrorcode = ERROR_SCM_ACQUIRE_CONTXT;
> >                 free(KeyProvInfo);
> >                 free(ContainerName);
> >                 free(ProvName);
> >                 return false;
> >             }
> >         }
> >         else
> >         {
> >             *lerrorcode = ERROR_SCM_ACQUIRE_CONTXT;
> >             free(KeyProvInfo);
> >             free(ContainerName);
> >             free(ProvName);
> >             return false;
> >         }
> >     }
> >
> >     free(KeyProvInfo);
> >     free(ContainerName);
> >     free(ProvName);
> >
> >     // Get the key from the context
> >     if (!CryptGetUserKey(hProvider,      // Handle to the CSP
> >                          AT_KEYEXCHANGE, // Key specification
> >                          hkey))          // Handle to the key
> >     {
> >         DWORD erro = GetLastError();
> >         CryptReleaseContext(hProvider, 0); // do not leak the CSP handle on failure
> >         *lerrorcode = ERROR_SCM_GET_USERKEY;
> >         return false;
> >     }
> >
> >     // Note: on success hProvider is never released, because it is not
> >     // handed back to the caller alongside *hkey.
> >     return true;
> > }
>
>
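The reply above makes two points that the code in the original question blurs together: the public key is carried inside the certificate itself (SubjectPublicKeyInfo), while the private key lives outside it and has to be acquired separately. The following PowerShell script is an added example, not code from this thread, that shows the same split on the sending and receiving side of the "encrypt files with a user's public key" scenario raised in the post. It generates a throwaway self-signed certificate in memory as a stand-in for one user's enrolled certificate (each user's certificate carries that user's own public key), "publishes" the certificate alone, encrypts a file with the public key taken from the published copy, and decrypts it only where the private key is available. It assumes PowerShell 7; the function names, the file container layout and the sample file content are constructed for the example.

```powershell
# Added example, not code from the thread: take the public key out of a certificate
# (the SubjectPublicKeyInfo the reply points at) and use it to encrypt a file for the
# certificate's owner. Assumes PowerShell 7 (see the note below for Windows PowerShell 5.1).
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Protect-FileForCertificate {
    # Encrypt $InPath so that only the holder of $Certificate's private key can read it.
    # No private key or CSP key container is needed here: the public key is in the cert.
    param([X509Certificate2]$Certificate, [string]$InPath, [string]$OutPath)

    $rsaPub = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -eq $rsaPub) { throw 'certificate does not carry an RSA public key' }

    # RSA can only encrypt a few hundred bytes, so the file is encrypted under a fresh
    # AES-256 key and only that key is wrapped with RSA-OAEP (hybrid encryption).
    $aes = [Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey(); $aes.GenerateIV()
    $plain  = [IO.File]::ReadAllBytes($InPath)
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $wrappedKey = $rsaPub.Encrypt($aes.Key, [RSAEncryptionPadding]::OaepSHA256)

    # Constructed container layout for this example: [len][wrapped AES key][len][IV][ciphertext]
    $bw = [IO.BinaryWriter]::new([IO.File]::Create($OutPath))
    try {
        $bw.Write([int]$wrappedKey.Length); $bw.Write($wrappedKey)
        $bw.Write([int]$aes.IV.Length);     $bw.Write($aes.IV)
        $bw.Write($cipher)
    } finally { $bw.Dispose(); $aes.Dispose() }
}

function Unprotect-FileWithCertificate {
    # Decrypt a file produced above. This is the step that needs the private key,
    # which lives outside the certificate (in the owner's key store), not inside it.
    param([X509Certificate2]$Certificate, [string]$InPath)

    $rsaPriv = [RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if ($null -eq $rsaPriv) { throw 'no private key is available for this certificate' }

    $br = [IO.BinaryReader]::new([IO.File]::OpenRead($InPath))
    try {
        $wrappedKey = $br.ReadBytes($br.ReadInt32())
        $iv         = $br.ReadBytes($br.ReadInt32())
        $cipher     = $br.ReadBytes([int]($br.BaseStream.Length - $br.BaseStream.Position))
    } finally { $br.Dispose() }

    $aes = [Aes]::Create()
    $aes.Key = $rsaPriv.Decrypt($wrappedKey, [RSAEncryptionPadding]::OaepSHA256)
    $aes.IV  = $iv
    $plain = $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length)
    $aes.Dispose()
    return [Text.Encoding]::UTF8.GetString($plain)
}

# --- Demonstration with a constructed stand-in for one user's enrolled certificate ---
# A throwaway self-signed certificate generated in memory; in the thread's setup this
# would be the certificate issued to the user by the enterprise CA instead.
$ownerKey  = [RSA]::Create(2048)
$request   = [CertificateRequest]::new('CN=Example User', $ownerKey,
                 [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$ownerCert = $request.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1),
                                       [DateTimeOffset]::UtcNow.AddYears(1))

# What the user "publishes" is the certificate alone (DER, no private key), e.g. via
# a directory or a file share. Re-loading it gives the sender a public-key-only object.
$publishedCert = [X509Certificate2]::new($ownerCert.Export([X509ContentType]::Cert))
"Published certificate carries a private key: $($publishedCert.HasPrivateKey)"   # False

$tmp       = [IO.Path]::GetTempPath()
$plainFile = Join-Path $tmp 'example-plain.txt'
$encFile   = Join-Path $tmp 'example-plain.txt.enc'
[IO.File]::WriteAllText($plainFile, 'constructed sample file content')

Protect-FileForCertificate    -Certificate $publishedCert -InPath $plainFile -OutPath $encFile
Unprotect-FileWithCertificate -Certificate $ownerCert     -InPath $encFile   # owner can read it

# The sender's copy of the certificate has no private key, so decryption fails there.
try   { Unprotect-FileWithCertificate -Certificate $publishedCert -InPath $encFile }
catch { "Sender-side copy cannot decrypt: $($_.Exception.Message)" }
```

On Windows PowerShell 5.1 the script needs .NET Framework 4.7.2 or later for `CertificateRequest`, and `GetRSAPublicKey` may hand back an `RSACryptoServiceProvider`, which only supports `Pkcs1` and `OaepSHA1` padding; switch both the `Encrypt` and `Decrypt` calls to `[RSAEncryptionPadding]::OaepSHA1` there. The `GetRSAPrivateKey` check plays the role that `CryptAcquireCertificatePrivateKey` plays in the reply: it succeeds only when the certificate object is linked to a key store entry, which a published copy of the certificate never is.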


