Re: CryptAcquireContext problem

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 01/28/04

  • Next message: Drew Cooper [MSFT]: "Re: schannel.dll, secur32.dll, and DSCLIENT.EXE redistribution"
    Date: Tue, 27 Jan 2004 20:13:01 -0500
    
    

    There is a discussion on when you can/should use CRYPT_VERIFYCONTEXT at:
        http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q238187&ID=KB;EN-US;Q238187

    This includes symmetric key generation and use for encryption/decryption, hashing, etc.
    I remember however that some of the MSDN samples don't follow this good advice :-)

    - Mitch Gallant
       MVP Security

    "John Banes [MS]" <jbanes@online.microsoft.com> wrote in message
    news:uTxxopT5DHA.2064@TK2MSFTNGP11.phx.gbl...
    > Using the default key container (the one with a name of NULL) turns out to
    > be a really bad idea, and frequently causes problems such as this.
    >
    > If your application doesn't need to use a persistent private key, then you
    > should call CryptAcquireContext with NULL for the pszContainer parameter and
    > CRYPT_VERIFYCONTEXT for the dwFlags parameter. When called this way,
    > CryptAcquireContext should essentially never fail.
    >
    > If your application does need a persistent private key, then you should give
    > its key container a unique name. GUIDs work well for this.
    >
    > Regards,
    > John Banes
    > [Microsoft Security Developer]
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > Please do not send email directly to this alias. This alias is for newsgroup
    > purposes only.
    >
    > "bluecrest" <bluecrest_cn@hotmail.com> wrote in message
    > news:e0xbpAJ5DHA.1936@TK2MSFTNGP12.phx.gbl...
    > #include "stdafx.h"
    > #include <windows.h>
    > #include <wincrypt.h>
    >
    > int main(int argc, char* argv[])
    > {
    >     HCRYPTPROV hProv;
    >
    >     if(!CryptAcquireContext(&hProv,
    >                             NULL,
    >                             NULL,
    >                             PROV_RSA_FULL,
    >                             0))
    >     {
    >         if(GetLastError() == NTE_BAD_KEYSET )
    >         {
    >             CryptAcquireContext(&hProv,
    >                                 NULL,
    >                                 NULL,
    >                                 PROV_RSA_FULL,
    >                                 CRYPT_NEWKEYSET);
    >         }
    >         else
    >             return FALSE;
    >     }
    >
    >     if(!CryptAcquireContext(&hProv,
    >                             NULL,
    >                             NULL,
    >                             PROV_RSA_FULL,
    >                             0))
    >         return FALSE;
    >
    >     return 0;
    > }
    >
    > For the first CryptAcquireContext, the return value is zero;
    > the second CryptAcquireContext takes a long time to return, and the return value
    > is zero?
    > Any ideas what could be causing this behavior?
    >
    >
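
The two cases described in the quoted reply (no persistent key: NULL container with CRYPT_VERIFYCONTEXT; persistent key: a uniquely named container), written out as an added example that is not code from any poster in this thread. `acquire_flags` and `acquire_context` are hypothetical helper names, and the non-Windows branch only reproduces the wincrypt.h flag values so the selection logic compiles elsewhere.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Flag values as defined in wincrypt.h, so the selection logic builds off Windows. */
typedef unsigned long DWORD;
#define CRYPT_VERIFYCONTEXT 0xF0000000UL
#define CRYPT_NEWKEYSET     0x00000008UL
#endif

/* Hypothetical helper: choose container name and dwFlags per the advice above.
 * persistent_name == NULL -> ephemeral context, no key container is opened.
 * persistent_name != NULL -> application-unique container (e.g. a GUID string);
 *                            create != 0 asks for the container to be created. */
static DWORD acquire_flags(const char *persistent_name, int create,
                           const char **container_out)
{
    if (persistent_name == NULL) {
        *container_out = NULL;      /* never the default container with flags 0 */
        return CRYPT_VERIFYCONTEXT;
    }
    *container_out = persistent_name;
    return create ? CRYPT_NEWKEYSET : 0;
}

#ifdef _WIN32
/* Returns TRUE with *phProv set; the caller releases it with CryptReleaseContext. */
static BOOL acquire_context(HCRYPTPROV *phProv, const char *persistent_name)
{
    const char *container;
    DWORD flags = acquire_flags(persistent_name, 0, &container);

    if (CryptAcquireContextA(phProv, container, NULL, PROV_RSA_FULL, flags))
        return TRUE;

    /* Create the named container only when it does not exist yet. */
    if (persistent_name != NULL && GetLastError() == (DWORD)NTE_BAD_KEYSET) {
        flags = acquire_flags(persistent_name, 1, &container);
        return CryptAcquireContextA(phProv, container, NULL, PROV_RSA_FULL, flags);
    }
    return FALSE;
}
#endif
```
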

