RE: Import certificates from tokens

From: Jorge Martínez (JorgeMartnez_at_discussions.microsoft.com)
Date: 07/27/04


Date: Tue, 27 Jul 2004 09:29:35 -0700

Hello Laszlo,

In CryptoAPI reference, there isn't KP_CERTIFICATE value for dwParam input parameter in CryptGetKeyParam function.

In addition, my token CSP doesn't have any key container (CryptGetProvParam(phCryptprov, PP_ENUMCONTAINERS, "", pdwDataLen, dwFlags) returns false) although there is some certificates inside. Key containers must be automatically created for avery certificate?

So, I still can´t retrieve certificates information via CrytoAPI. More ideas?

Thank you,

Jorge

"lelteto" wrote:

> If you have the container it should have a keypair so first get that keypair (CryptGetUserKey with AT_KEYEXCHANGE or AT_SIGNATURE) then get the corresponsing certificate (CrytpGetKeyParam with KP_CERTIFICATE). From that point you have to parse the certificate blob.
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "Jorge Martínez" wrote:
>
> > Thank you, lelteto for your answer.
> >
> > But now, I have another doubt. I want to show issuer and subject information in a combo from certificates in tokens (user select one to sign a document). With CryptoAPI, if I only have access to the key container (but no certificates) how can I retrieve this information?
> >
> > Thanks,
> >
> > Jorge
> >
> > "lelteto" wrote:
> >
> > > That depends.
> > >
> > > If the token vendor provides a CSP and it's installed on your computer you can enumerate containers on the token. (I assume that on the token you are interested in certs which have corresponsing private key on-token, not some extra CA or root cert.) Most token vendors provide CSP for Windows and in that case you just have to know the proper CSP name. (You can look it up in the Registry.)
> > >
> > > If there are extra certificates on the token and you are interested in those CAPI will not provide a way to get those. In this case you may have to use the token vendor's Cryptoki (PKCS#11) library.
> > >
> > > Laszlo Elteto
> > > SafeNet, Inc.
> > >
> > > "Jorge Martínez" wrote:
> > >
> > > > Hello,
> > > >
> > > > I want to show all certificates from "MY" store and some diferent vendors tokens.
> > > > How can I list all certificartes in the tokens? Can I use CrytoAPI funtions or I need a vendor-dependent dll's? I want the code works with any new token. Is it possible only with CrytoAPÎ?
> > > >
> > > > Thank you very much,
> > > >
> > > > Jorge