Re: CryptAcquireContext problem

From: John Banes [MS] (jbanes_at_online.microsoft.com)
Date: 01/28/04

Next message: Michel Gallant: "Re: CryptAcquireContext problem"
Previous message: Michel Gallant: "Re: PKCS #7 with Certification Path for a single certificate..."
In reply to: bluecrest: "CryptAcquireContext problem"
Next in thread: Michel Gallant: "Re: CryptAcquireContext problem"
Reply: Michel Gallant: "Re: CryptAcquireContext problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Jan 2004 17:02:21 -0800

Using the default key container (the one with a name of NULL) turns out to
be a really bad idea, and frequently causes problems such as this.

If your application doesn't need to use a persistant private key, then you
should call CryptAcquireContext with NULL for the pszContainer parameter and
CRYPT_VERIFYCONTEXT for the dwFlags parameter. When called this way,
CryptAcquireContext should essentially never fail.

If your application does need a persistent private key, then you should give
its key container a unique name. GUIDs work well for this.

Regards,
John Banes
[Microsoft Security Developer]

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

"bluecrest" <bluecrest_cn@hotmail.com> wrote in message
news:e0xbpAJ5DHA.1936@TK2MSFTNGP12.phx.gbl...
#include "stdafx.h"
#include <windows.h>
#include <wincrypt.h>

int main(int argc, char* argv[])
{
HCRYPTPROV hProv;

if(!CryptAcquireContext(&hProv,
  NULL,
  NULL,
  PROV_RSA_FULL,
  0))
{
  if(GetLastError() == NTE_BAD_KEYSET )
  {
   CryptAcquireContext(&hProv,
    NULL,
    NULL,
    PROV_RSA_FULL,
    CRYPT_NEWKEYSET);
  }
  else
   return FALSE;
}

if(!CryptAcquireContext(&hProv,
  NULL,
  NULL,
  PROV_RSA_FULL,
  0))
  return FALSE;

return 0;
}

the first CryptAcquireContext the return value is zero,
the second CryptAcquireContext takes long time to return ,the return value
is zero?
Any ideas what could be causing this behavior?

Next message: Michel Gallant: "Re: CryptAcquireContext problem"
Previous message: Michel Gallant: "Re: PKCS #7 with Certification Path for a single certificate..."
In reply to: bluecrest: "CryptAcquireContext problem"
Next in thread: Michel Gallant: "Re: CryptAcquireContext problem"
Reply: Michel Gallant: "Re: CryptAcquireContext problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: CryptAcquireContext fails with error 6 (The handle is invalid)
... CryptAcquireContext(&sm_hCryptProv,NULL,NULL, PROV_RSA_FULL, ... The key container created with CRYPT_MACHINE_KEYSET by an administrator can ... be accessed only by its creator and by the local system account unless ... access rights to the container are granted using CryptSetProvParam. ...
(microsoft.public.platformsdk.security)
Re: CryptAquireContext
... but using the default key container is a bad idea since you have no ... "David Horton" wrote in message ... What are the parameters to CryptAcquireContext? ... >> Is it possible that the failing workstation, ...
(microsoft.public.platformsdk.security)
A question about CRYPT_MACHINE_KEYSET flag from CryptAcquireContext
... I have a question about implementation of my CSP key container with CRYPT_MACHINE_KEYSET flag in CryptAcquireContext ...
(microsoft.public.platformsdk.security)
Re: A question about CRYPT_MACHINE_KEYSET flag from CryptAcquireContext
... the machine key container are placed under \Documents and ... CRYPT_MACHINE_KEYSET flag in CryptAcquireContext ... > of interest is a machine key container and the CSP treats it as such." ...
(microsoft.public.platformsdk.security)
Re: CryptAcquireContext problem
... > CryptAcquireContext should essentially never fail. ... > Please do not send email directly to this alias. ... > the first CryptAcquireContext the return value is zero, ...
(microsoft.public.platformsdk.security)