Re: certificates on smart card

From: Elisa (elisa.vacchieroNO_at_SPAMcystem.it)
Date: 11/07/03


Date: Fri, 7 Nov 2003 08:29:51 +0100

You were right: it was a bug in the CSP I was using!
Thank you very much!

elisa

"Eric Perlin [MS]" <ericperl@online.microsoft.com> wrote in message
news:ec9KBLyoDHA.2272@tk2msftngp13.phx.gbl...
> Side note: by default Win2000 and later systems will automatically propagate
> certificates for BOTH key types in the default container.
> As such, the certificate you are looking for may already be in MyStore.
>
> Given the code below, are you saying that the first call to CryptGetKeyParam
> for KP_CERTIFICATE succeeds but that dwCertificate = 0?
> If you are sure that there is a certificate for this key in this container,
> this looks like a bug in the CSP.
>
> --
> Eric Perlin [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
> ---
>
> "Elisa" <elisa.vacchieroNO@SPAMcystem.it> wrote in message
> news:OXdtMgvnDHA.2416@TK2MSFTNGP10.phx.gbl...
> > The problem is that I want the other key (AT_SIGNATURE not AT_KEYEXCHANGE!)
> > in the same key container..
> > I've been trying to import this key, but I have some problems with
> > CryptGetUserKey.
> > It doesn't fail, but the value and the length of the key in memory aren't
> > correct!
> >
> > So the following functions that use this key fail with
> > Error number 57
> > Description: The parameter is incorrect.
> >
> > here is the code I wrote for the import:
> >
> >
> > // -------------------------------------------------
> > // acquire context
> >
> > hProv = 0 ;
> > BOOL bCryptAcquireContext = FALSE ;
> > bCryptAcquireContext = CryptAcquireContext(
> > &hProv,
> > "TODO-GUID", // name obtained with CryptGetProvParam
> > "IPMCSP32",
> > PROV_RSA_FULL,
> > // CRYPT_NEWKEYSET
> > 0
> > );
> >
> > if (bCryptAcquireContext)
> > {
> > printf("\n\nProvider created.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptAcquireContext!");
> > }
> >
> >
> > // -------------------------------------------------
> > // CryptGetUserKey (AT_SIGNATURE)
> >
> >
> > if (CryptGetUserKey(hProv,
> > AT_SIGNATURE,
> > &hKey))
> > {
> > printf("\n\nCryptGetUserKey.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetUserKey!");
> > }
> >
> >
> > // -----------------------------------------------------
> > // CryptGetKeyParam (KP_CERTIFICATE)
> >
> > if(CryptGetKeyParam(hKey,
> > KP_CERTIFICATE,
> > NULL, // first call only to get the size
> > &dwCertificate,
> > 0))
> > {
> > printf("\n\nCryptGetKeyParam.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetKeyParam!");
> > }
> >
> >
> > // -----------------------------------------------------
> > // Malloc
> >
> > BYTE* pbCertificate = NULL; // buffer passed to the second CryptGetKeyParam call
> > pbCertificate = (BYTE*)malloc(dwCertificate);
> >
> >
> > // -----------------------------------------------------
> > // CryptGetKeyParam (KP_CERTIFICATE)
> >
> > if(CryptGetKeyParam(hKey,
> > KP_CERTIFICATE,
> > pbCertificate,
> > &dwCertificate,
> > 0))
> > {
> > printf("\n\n CryptGetKeyParam.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CryptGetKeyParam!");
> > }
> >
> >
> > // ------------------------------------------------
> > // CertOpenStore(MY)
> >
> > if (hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
> > MY_TYPE,
> > 0,
> > CERT_SYSTEM_STORE_CURRENT_USER,
> > szStore))
> > {
> > printf("\n\nCertOpenStore.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertOpenStore!");
> > }
> >
> >
> > // -------------------------------------------------
> > // CertAddEncodedCertificateToStore
> >
> > if (fResult = CertAddEncodedCertificateToStore(hCertStore,
> > MY_TYPE,
> > pbCertificate,
> > dwCertificate,
> > CERT_STORE_ADD_REPLACE_EXISTING,
> > &pCertContext))
> > {
> > printf("\n\nCertAddEncodedCertificateToStore.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertAddEncodedCertificateToStore!");
> > }
> >
> >
> > // -------------------------------------------------
> >
> > ZeroMemory(&KeyProvInfo, sizeof(KeyProvInfo));
> > // CRYPT_KEY_PROV_INFO takes wide strings, so use wide literals
> > KeyProvInfo.pwszProvName = (WCHAR*)L"IPMCSP32";
> > KeyProvInfo.pwszContainerName = (WCHAR*)L"TODO-GUID";
> > KeyProvInfo.dwKeySpec = AT_SIGNATURE;
> > KeyProvInfo.dwProvType = dwProvType;
> >
> > // -------------------------------------------------
> > // CertSetCertificateContextProperty
> > if( fResult = CertSetCertificateContextProperty(pCertContext,
> > CERT_KEY_PROV_INFO_PROP_ID,
> > 0,
> > &KeyProvInfo))
> > {
> > printf("\n\nCertSetCertificateContextProperty.\n");
> > Wait("Press any key to continue.");
> > }
> >
> > else
> > {
> > HandleError("Error during CertSetCertificateContextProperty!");
> > }
> >
> >
> > what could be the problem?
> >
> > thanks...
> >
> > elisa
> >
> >
> >
> >
> > "Eric Perlin [MS]" <ericperl@online.microsoft.com> wrote in message
> > news:#VGEA4nmDHA.2080@TK2MSFTNGP10.phx.gbl...
> > > If the certificate from the default container is not what you want, you need
> > > to enumerate containers on the card (CryptGetProvParam with
> > > PP_ENUMCONTAINERS). For these additional containers, you can follow the
> > > procedure found in propcert.
> > > --
> > > Eric Perlin [MS]
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > ---
> > >
> > > "Elisa" <elisa.vacchieroNO@SPAMcsystem.it> wrote in message
> > > news:#wufz7jmDHA.988@TK2MSFTNGP10.phx.gbl...
> > > > hi,
> > > > I'm writing an application to sign documents with a certificate located in a
> > > > smart card.
> > > > I'm using a csp given by the card producer.
> > > >
> > > > The program I wrote so far can sign documents with the private key
> > > > associated to a certificate that has already been imported from the smart card
> > > > to "MY" personal store by another program (also given by the card producer).
> > > >
> > > > My problem is: the certificate this program exports is not the one I want to
> > > > use to sign!
> > > >
> > > > So my question:
> > > > How can I have a direct access to the smart card to select the right
> > > > certificate?
> > > > (As suggested in another post, I looked at PropCert.cpp but it doesn't work)
> > > >
> > > > Is there a simple cryptoapi function to use?
> > > >
> > > > Thanks for your attention
> > > >
> > > >
> > > > elisa
> > > >
> > > >
> > >
> > >
> >
> >
>
>
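
Added example, not part of any post in this thread: a portable C sketch of a defensive two-call size/fetch wrapper that catches the symptom discussed above (the size query succeeds but reports length 0) before malloc and the certificate-store calls run. The names get_cert_fn, fetch_cert, good_provider, buggy_provider and SAMPLE are hypothetical; on Windows the getter would wrap CryptGetKeyParam with KP_CERTIFICATE.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical two-call getter: buf == NULL asks for the size only. On Windows it
   would wrap CryptGetKeyParam(hKey, KP_CERTIFICATE, buf, &len, 0). */
typedef int (*get_cert_fn)(void *key, uint8_t *buf, uint32_t *len);
enum cert_fetch { CERT_OK, CERT_CALL_FAILED, CERT_EMPTY, CERT_NOMEM, CERT_NOT_DER };

enum cert_fetch fetch_cert(get_cert_fn get, void *key, uint8_t **out, uint32_t *out_len)
{
    uint32_t need = 0, got;
    uint8_t *buf;
    *out = NULL; *out_len = 0;
    if (!get(key, NULL, &need)) return CERT_CALL_FAILED;
    if (need == 0) return CERT_EMPTY;   /* "success" with no data: the symptom in this thread */
    if ((buf = malloc(need)) == NULL) return CERT_NOMEM;
    got = need;
    if (!get(key, buf, &got) || got == 0 || got > need) { free(buf); return CERT_CALL_FAILED; }
    if (got < 2 || buf[0] != 0x30) { free(buf); return CERT_NOT_DER; } /* cert = DER SEQUENCE */
    *out = buf; *out_len = got;
    return CERT_OK;
}

/* Constructed stand-ins for a CSP; SAMPLE is a dummy DER SEQUENCE, not a real certificate. */
static const uint8_t SAMPLE[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };

int good_provider(void *key, uint8_t *buf, uint32_t *len)
{
    (void)key;
    if (buf != NULL && *len < sizeof SAMPLE) return 0;   /* caller's buffer too small */
    if (buf != NULL) memcpy(buf, SAMPLE, sizeof SAMPLE);
    *len = (uint32_t)sizeof SAMPLE;
    return 1;
}

int buggy_provider(void *key, uint8_t *buf, uint32_t *len)
{
    (void)key; (void)buf; *len = 0;     /* reports success but zero length */
    return 1;
}

int main(void)
{
    uint8_t *cert; uint32_t n;
    printf("good=%d ", fetch_cert(good_provider, NULL, &cert, &n)); free(cert);
    printf("buggy=%d\n", fetch_cert(buggy_provider, NULL, &cert, &n));
}
```

Returning CERT_EMPTY at the size query points at the provider directly, instead of a later call failing with "The parameter is incorrect."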