Re: certificates on smart card

From: Elisa (elisa.vacchieroNO_at_SPAMcystem.it)
Date: 11/07/03


Date: Fri, 7 Nov 2003 08:29:51 +0100

you were right: it was a bug of the csp I was using!
thank you very much!

elisa

"Eric Perlin [MS]" <ericperl@online.microsoft.com> wrote in message
news:ec9KBLyoDHA.2272@tk2msftngp13.phx.gbl...
> Side note: by default Win2000 and later systems will automatically propagate
> certificates for BOTH key types in the default container.
> As such, the certificate you are looking for may already be in MyStore.
>
> Given the code below, are you saying that the first call to CryptGetKeyParam
> for KP_CERTIFICATE succeeds but that dwCertificate = 0?
> If you are sure that there is a certificate for this key in this container,
> this looks like a bug in the CSP.
>
> --
> Eric Perlin [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
> ---
>
> "Elisa" <elisa.vacchieroNO@SPAMcystem.it> wrote in message
> news:OXdtMgvnDHA.2416@TK2MSFTNGP10.phx.gbl...
> > The problem is that I want the other key (AT_SIGNATURE not AT_KEYEXCHANGE!)
> > in the same key container..
> > I've been trying to import this key, but I have some problems with
> > CryptGetUserKey.
> > It doesn't fail, but the value and the length of the key in memory aren't
> > correct!
> >
> > So the following functions that use this key fail with
> > Error number 57
> > Description: The parameter is incorrect.
> >
> > here is the code I wrote for the import:
> >
> >
> > // -------------------------------------------------
> > // acquire context
> >
> > hProv = 0 ;
> > BOOL bCryptAcquireContext = FALSE ;
> > bCryptAcquireContext = CryptAcquireContext(
> > &hProv,
> > "TODO-GUID", // name obtained with CryptGetProvParam
> > "IPMCSP32",
> > PROV_RSA_FULL,
> > // CRYPT_NEWKEYSET
> > 0
> > );
> >
> > if (bCryptAcquireContext)
> > {
> > printf("\n\nProvider created.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptAcquireContext!");
> > }
> >
> >
> > // -------------------------------------------------
> > // CryptGetUserKey (AT_SIGNATURE)
> >
> >
> > if (CryptGetUserKey(hProv,
> > AT_SIGNATURE,
> > &hKey))
> > {
> > printf("\n\nCryptGetUserKey.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetUserKey!");
> > }
> >
> >
> > // -----------------------------------------------------
> > // CryptGetKeyParam (KP_CERTIFICATE)
> >
> > if(CryptGetKeyParam(hKey,
> > KP_CERTIFICATE,
> > NULL, // first call only, to get the size
> > &dwCertificate,
> > 0))
> > {
> > printf("\n\nCryptGetKeyParam.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetKeyParam!");
> > }
> >
> >
> > // -----------------------------------------------------
> > // Malloc
> >
> > BYTE* pbCertificate = NULL;
> > pbCertificate = (BYTE*)malloc(dwCertificate);
> >
> >
> > // -----------------------------------------------------
> > // CryptGetKeyParam (KP_CERTIFICATE)
> >
> > if(CryptGetKeyParam(hKey,
> > KP_CERTIFICATE,
> > pbCertificate,
> > &dwCertificate,
> > 0))
> > {
> > printf("\n\n CryptGetKeyParam.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetKeyParam!");
> > }
> >
> >
> > // ------------------------------------------------
> > // CertOpenStore(MY)
> >
> > if (hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
> > MY_TYPE,
> > 0,
> > CERT_SYSTEM_STORE_CURRENT_USER,
> > szStore))
> > {
> > printf("\n\nCertOpenStore.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertOpenStore!");
> > }
> >
> >
> > // -------------------------------------------------
> > // CertAddEncodedCertificateToStore
> >
> > if (fResult = CertAddEncodedCertificateToStore(hCertStore,
> > MY_TYPE,
> > pbCertificate,
> > dwCertificate,
> > CERT_STORE_ADD_REPLACE_EXISTING,
> > &pCertContext))
> > {
> > printf("\n\nCertAddEncodedCertificateToStore.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertAddEncodedCertificateToStore!");
> > }
> >
> >
> > // -------------------------------------------------
> >
> > ZeroMemory(&KeyProvInfo, sizeof(KeyProvInfo));
> > KeyProvInfo.pwszProvName = (WCHAR*)L"IPMCSP32"; // wide-string literal, not a cast narrow string
> > KeyProvInfo.pwszContainerName = (WCHAR*)L"TODO-GUID";
> > KeyProvInfo.dwKeySpec = AT_SIGNATURE;
> > KeyProvInfo.dwProvType = dwProvType;
> >
> > // -------------------------------------------------
> > // CertSetCertificateContextProperty
> > if( fResult = CertSetCertificateContextProperty(pCertContext,
> > CERT_KEY_PROV_INFO_PROP_ID,
> > 0,
> > &KeyProvInfo))
> > {
> > printf("\n\nCertSetCertificateContextProperty.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertSetCertificateContextProperty!");
> > }
> >
> >
> > what could be the problem?
> >
> > thanks...
> >
> > elisa
> >
> >
> >
> >
> > "Eric Perlin [MS]" <ericperl@online.microsoft.com> wrote in message
> > news:#VGEA4nmDHA.2080@TK2MSFTNGP10.phx.gbl...
> > > If the certificate from the default container is not what you want, you need
> > > to enumerate containers on the card (CryptGetProvParam with
> > > PP_ENUMCONTAINERS). For these additional containers, you can follow the
> > > procedure found in propcert.
> > > --
> > > Eric Perlin [MS]
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > ---
> > >
> > > "Elisa" <elisa.vacchieroNO@SPAMcsystem.it> wrote in message
> > > news:#wufz7jmDHA.988@TK2MSFTNGP10.phx.gbl...
> > > > hi,
> > > > I'm writing an application to sign documents with a certificate located in a
> > > > smart card.
> > > > I'm using a csp given by the card producer.
> > > >
> > > > The program I wrote so far can sign documents with the private key
> > > > associated to a certificate that has already been imported from the smart card
> > > > to "MY" personal store by another program (also given by the card producer).
> > > >
> > > > My problem is: the certificate this program exports is not the one I want to
> > > > use to sign!
> > > >
> > > > So my question :
> > > > How can I have a direct access to the smart card to select the right
> > > > certificate ?
> > > > (As suggested in another post, I looked at PropCert.cpp but it doesn't work)
> > > >
> > > > Is there a simple cryptoapi function to use?
> > > >
> > > > Thanks for your attention
> > > >
> > > >
> > > > elisa
> > > >
> > > >
> > >
> > >
> >
> >
>
>
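
The failure discussed in this thread (the size query for KP_CERTIFICATE succeeds but reports a length of 0) can be caught before the blob reaches CertAddEncodedCertificateToStore. The following is an added example, not code from the thread or from any CSP vendor: it is portable C in which the hypothetical callback `get_cert_fn` stands in for `CryptGetKeyParam(hKey, KP_CERTIFICATE, buf, &len, 0)`, and `good_csp`, `buggy_csp` and the 4-byte sample are constructed so it runs without a card.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for CryptGetKeyParam(hKey, KP_CERTIFICATE, buf, &len, 0):
   buf == NULL is the size query; returns nonzero on success. */
typedef int (*get_cert_fn)(unsigned char *buf, unsigned long *len);
enum cert_status { CERT_OK, CERT_CALL_FAILED, CERT_EMPTY, CERT_NOT_DER, CERT_NO_MEMORY };

/* Accept only a single DER SEQUENCE whose encoded length covers the whole buffer. */
int looks_like_der(const unsigned char *p, unsigned long n) {
    unsigned long body = 0, hdr = 2, i;
    if (n < 2 || p[0] != 0x30) return 0;          /* 0x30 = SEQUENCE tag */
    if (p[1] < 0x80) body = p[1];                 /* short-form length */
    else {                                        /* long-form length */
        unsigned long nlen = p[1] & 0x7F;
        if (nlen == 0 || nlen > 4 || n < 2 + nlen) return 0;
        for (i = 0; i < nlen; i++) body = (body << 8) | p[2 + i];
        hdr += nlen;
    }
    return body == n - hdr;
}

/* Two-call pattern with the checks the thread's code lacks. Caller frees *out. */
enum cert_status fetch_key_cert(get_cert_fn get, unsigned char **out, unsigned long *out_len) {
    unsigned long len = 0;
    unsigned char *buf;
    *out = NULL; *out_len = 0;
    if (!get(NULL, &len)) return CERT_CALL_FAILED;
    if (len == 0) return CERT_EMPTY;              /* "succeeds but size is 0": suspect the CSP */
    if ((buf = malloc(len)) == NULL) return CERT_NO_MEMORY;
    if (!get(buf, &len)) { free(buf); return CERT_CALL_FAILED; }
    if (!looks_like_der(buf, len)) { free(buf); return CERT_NOT_DER; }
    *out = buf; *out_len = len;
    return CERT_OK;
}

/* Constructed sample: a minimal DER SEQUENCE, not a real certificate. */
const unsigned char SAMPLE[] = { 0x30, 0x02, 0x05, 0x00 };
int good_csp(unsigned char *buf, unsigned long *len) {
    if (buf && *len < sizeof SAMPLE) return 0;
    if (buf) memcpy(buf, SAMPLE, sizeof SAMPLE);
    *len = sizeof SAMPLE; return 1;
}
int buggy_csp(unsigned char *buf, unsigned long *len) { (void)buf; *len = 0; return 1; }

enum cert_status probe(get_cert_fn get) {         /* run the fetch, release the buffer */
    unsigned char *c; unsigned long n;
    enum cert_status s = fetch_key_cert(get, &c, &n);
    free(c); return s;
}
int main(void) { return !(probe(good_csp) == CERT_OK && probe(buggy_csp) == CERT_EMPTY); }
```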


