Re: How to exchange certificate ?

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 01/11/04


Date: Sun, 11 Jan 2004 11:25:15 -0500

Hi Richard,
Which functions cause problems and what error messages?
There is pretty good documentation and samples on this at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/creating_and_receiving_enveloped_data_messages.asp

Note that the emphasis in CryptoAPI is on CMS/PKCS#7 Enveloped Data
messages (whereas standard Java 2 does not natively support directly generating
PKCS#7 messages, but only basic PKCS1 signatures and encryption blocks).

Are you specifying the correct certificate and store of the recipient after
you import the cert?

If you want to compare with Java you should really be comparing Java against
.NET crypto :-)

- Mitch Gallant
   MVP Security
   http://pages.istar.ca/~neutron

"Richard Grossman" <richard@goldmail.net.il> wrote in message
news:ecNU5OE2DHA.3140@tk2msftngp13.phx.gbl...
> Hi,
>
> I am trying to write an application that uses a certificate in the personal store (with
> private key). But in PKI we encrypt with the public key of the receiver and
> he can open with his private key.
> Now I generate a p12 file with OpenSSL and import it into a Windows MY
> certificate storage. But the receiver has to receive the public part of
> this certificate to be able to use it to encrypt a message back.
> I've tried to export from certificate storage as DER or p7b format but in any
> case after reimport I can't use the certificate to encrypt a message:
> Here is the flow:
>
>
> (p12 in MY Store) >> Export as p7b without private key >> reimport the p7b
> >> Unable to encrypt message (p7b contains a public key).
>
> I'm really confused by Microsoft's approach to PKI; it's really much easier in
> Java.
>
> Please help.
>
>
>
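
The exchange asked about above, as an added example that is not part of either post: it uses OpenSSL's `cms` command in place of CryptoAPI to show that the exported certificate alone is enough to build a CMS enveloped-data message, while opening it requires the private key that stayed with the owner. File names, the subject name and the p12 password are constructed for the example.

```shell
#!/bin/sh
# Added example: all names, subjects and passwords are constructed.
make_identity() {    # $1 = work dir: private key, self-signed cert, p12 bundle
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Recipient" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout pass:constructed -out "$1/identity.p12"
}

export_public() {    # certificate only, DER encoded: the part that is shared
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/recipient.cer"
}

envelope() {         # $2 = plaintext file; uses nothing but the received .cer
    openssl x509 -inform DER -in "$1/recipient.cer" -out "$1/recipient.pem" &&
    openssl cms -encrypt -binary -aes256 -in "$2" \
        -outform DER -out "$1/msg.p7m" "$1/recipient.pem"
}

open_envelope() {    # certificate owner: has the matching private key
    openssl cms -decrypt -inform DER -in "$1/msg.p7m" \
        -recip "$1/cert.pem" -inkey "$1/key.pem"
}

open_without_key() { # holder of the public certificate only: expected to fail
    openssl cms -decrypt -inform DER -in "$1/msg.p7m" \
        -recip "$1/recipient.pem" 2>/dev/null
}

demo() {             # full round trip in a scratch directory
    d=$(mktemp -d) || return 1
    printf 'constructed reply' > "$d/msg.txt"
    make_identity "$d" && export_public "$d" && envelope "$d" "$d/msg.txt" &&
        [ "$(open_envelope "$d")" = "constructed reply" ] &&
        ! open_without_key "$d" >/dev/null
    rc=$?
    rm -rf "$d"
    return $rc
}
```

In this sketch `identity.p12` is the file that would be imported into the Windows MY store, and `recipient.cer` is the only file handed to the correspondent.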


