Re: Attaching private key to the existing certificate
From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 02/29/04
- Previous message: Lucas Galfaso: "Re: unknown attr1.3.6.1.4.1.311.17.1 error"
- Next in thread: Innokentiy Ivanov: "Re: Attaching private key to the existing certificate"
- Reply: Innokentiy Ivanov: "Re: Attaching private key to the existing certificate"
Date: Sun, 29 Feb 2004 11:55:38 -0800
You need to set the CERT_KEY_PROV_INFO_PROP_ID property.
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
"Innokentiy Ivanov" <ivanov@eldos.org> wrote in message
news:eexF1ue$DHA.3668@TK2MSFTNGP09.phx.gbl...
> Hello!
>
> We are looking for a solution to the following problem. Is there any way to
> add certificate and its private key to Windows certificate storage
> separately? I.e., on first step we add the certificate without private key
> and on the second step we "attach" the private key to just added
> certificate.
>
> We tried the following code, but it does not work for us:
>
> // HCERTSTORE hSystemStore
> // PCCERT_CONTEXT Cert;
> // "Certificate" is the instance of own-implemented X.509 certificate class
>
> hSystemStore = CertOpenSystemStore(0, "ROOT");
> if (hSystemStore) {
>     /* adding the "public" part of certificate (without private key) */
>     if (!CertAddEncodedCertificateToStore(hSystemStore, X509_ASN_ENCODING,
>             Certificate->GetBinary(), Certificate->GetBinarySize(),
>             CERT_STORE_ADD_NEW, &Cert)) {
>         // error
>     } else {
>         /* Trying to attach a private key for just added certificate */
>         SetPrivateKeyForCertificate(Cert, Certificate);
>     }
> }
>
> //-------skipped-------
>
> void SetPrivateKeyForCertificate(PCCERT_CONTEXT Context, CElX509Certificate *Cert)
> {
>     HCRYPTPROV Prov;
>     HCRYPTKEY Key;
>
>     // creating GUID to use it as a container name
>     // ....
>
>     if (!CryptAcquireContext(&Prov, GuidStr, NULL, PROV_RSA, CRYPT_NEWKEYSET))
>     {
>         // error, exiting
>     } else {
>         // Cert->PrivateKey points to a MS Private key blob
>         if (!CryptImportKey(Prov, Cert->PrivateKey, Cert->PrivateKeySize, 0,
>                 CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED, &Key)) {
>             CryptReleaseContext(Prov, 0);
>             // error, exiting
>         }
>
>         if (!CertSetCertificateContextProperty(Context,
>                 CERT_KEY_PROV_HANDLE_PROP_ID, 0, &Prov)) {
>             CryptDestroyKey(Key);
>             CryptReleaseContext(Prov, 0);
>             // error, exiting
>         }
>
>         CryptDestroyKey(Key);
>         CryptReleaseContext(Prov, 0);
>     }
> }
>
> All the routines, starting from CertOpenSystemStore and finishing on
> CertSetCertificateContextProperty return successful values. Certificate is
> added to the ROOT store but Win32 certificate manager does not show that
> private key is available for this certificate.
>
> Please advise us which routines we should use to make this possible.
>
> One more question: is there a "legal" way (like win32 CryptoAPI routine) to
> convert pkcs#1 RSA private key to MS Key blob? Also it's desired to have
> such a routine for DSA private keys.
>
> Thank you.
>
> Sincerely yours,
>
> Innokentiy Ivanov
>
> EldoS Corp.
>
>
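The property named in the reply takes a CRYPT_KEY_PROV_INFO structure that records the key container name, provider type and key spec, rather than the live provider handle set in the quoted code. The sketch below is an added example, not code from either poster: `link_cert_to_container` is a hypothetical helper name, and the `#else` shim is a constructed stand-in so the logic also compiles off Windows.

```c
/* Added example, not code from the thread. On Windows it links against
   crypt32; elsewhere the #else shim (constructed stand-ins) lets it compile. */
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
typedef unsigned long DWORD;
typedef int BOOL;
typedef const void *PCCERT_CONTEXT;
typedef struct {
    wchar_t *pwszContainerName, *pwszProvName;
    DWORD dwProvType, dwFlags, cProvParam;
    void *rgProvParam;
    DWORD dwKeySpec;
} CRYPT_KEY_PROV_INFO;
#define CERT_KEY_PROV_INFO_PROP_ID 2
#define PROV_RSA_FULL 1
#define AT_KEYEXCHANGE 1
static CRYPT_KEY_PROV_INFO g_last; /* what the shim was asked to store */
static BOOL CertSetCertificateContextProperty(PCCERT_CONTEXT c, DWORD id,
                                              DWORD flags, const void *data)
{
    (void)c; (void)flags;
    if (id != CERT_KEY_PROV_INFO_PROP_ID || !data) return 0;
    g_last = *(const CRYPT_KEY_PROV_INFO *)data;
    return 1;
}
#endif

/* Hypothetical helper: call it after CryptImportKey has succeeded, with the
   certificate context returned by CertAddEncodedCertificateToStore. */
BOOL link_cert_to_container(PCCERT_CONTEXT cert, wchar_t *container, DWORD key_spec)
{
    CRYPT_KEY_PROV_INFO info;
    if (!cert || !container || !*container) return 0;
    memset(&info, 0, sizeof info);
    info.pwszContainerName = container; /* same name given to CryptAcquireContext */
    info.pwszProvName = NULL;           /* default provider, as in the quoted call */
    info.dwProvType = PROV_RSA_FULL;    /* assumption: the RSA full provider type */
    info.dwFlags = 0;                   /* per-user key set */
    info.dwKeySpec = key_spec;          /* AT_KEYEXCHANGE or AT_SIGNATURE */
    return CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &info);
}
```

The structure's string members are wide-character, so a container name built as an ANSI string for CryptAcquireContext has to be converted before it is passed here.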