Re: Requesting a Key Archival Certificate

From: dot (Stephane)
Date: 01/26/04


Date: Mon, 26 Jan 2004 13:56:05 -0800

Thanks for your response.

I'm using a smartcard provider CSP but can't display any dialog box to the user. So I need to specify the PP_KEYEXCHANGE_PIN parameter after the CryptAcquireContext for the CSP not to display any PIN request dialog box.
So, I can't use the ICEnroll or IEnroll interface because of that small limitation.

So I rewrote a function similar to the CreatePKCS10 function using CryptSignAndEncodeCertificate, based on the Example C Program: Making a Certificate Request. Then I sign the PKCS10 certificate with the enrollment agent certificate using CryptSignMessage and it works.

Now my problem is to use the new 2K3 feature about key archival. So regarding the documentation, I need to add the CA-encrypted private key to the CryptSignMessage in the unauthenticated parameters, but I have no idea of the format and the OID I should use.

Thanks a lot for your help.

     
     ----- Krish Shenoy[MSFT] wrote: -----
     
     Can you elaborate on which CSP option you use that is not supported by
     xenroll? If you need to create a request without using xenroll then you
     would have to create a CMC request and that would be a tall order.
     
     
     --
     Krish Shenoy[MSFT]
     This posting is provided "AS IS" with no warranties, and confers no rights.
     


