Re: Problem with AT_SIGNATURE in CryptGetUserKey
From: Pablo J. Royo (PabloJRoyo_at_discussions.microsoft.com)
Date: 07/29/04
Date: Thu, 29 Jul 2004 00:24:02 -0700
Thank you very much for your responses.
As you said, my cert has the purposes you told me, but I have another key/certificate pair from another CA with exactly the same purposes, and I can read it without AT_SIGNATURE.
When I load my private key at startup, my program doesn't know if it will be used for signing or authentication, and I suppose nothing in the certificate sets how it must be read from the CSP.
Who, and when, sets which of the two things (AT_EXCHANGE, AT_SIGNATURE) I must use to read a certificate?
If AT_KEYEXCHANGE can be used for any operation, why must I use AT_SIGNATURE with this cert?
I can't understand the reasons for this way of working.
Thanks again.
"John Banes [MS]" wrote:
> All certificates in the certificate store that have a private key associated
> with them will contain a property (the prov key info property) that points
> at the private key. The KeySpec field of this property specifies whether the
> private key is of type AT_KEYEXCHANGE (1) or AT_SIGNATURE (2).
>
> AT_KEYEXCHANGE private keys can be used for any operation. AT_SIGNATURE keys
> are only valid for signing and verification operations.
>
> Regards,
> John Banes
> [Microsoft Security Developer]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send email directly to this alias. This alias is for newsgroup
> purposes only.
>
> "Walter Poupore [MS]" <waltpo@online.microsoft.com> wrote in message
> news:16EB6E24-9576-4876-A9AA-509DF3CCCE8B@microsoft.com...
> > AT_EXCHANGE is used for the encryption and decryption of session keys.
> > AT_SIGNATURE is used for creating and verifying digital signatures.
> >
> > For the certificates that you claim are similar, examine the key usage
> > fields to see if one is for digital signature (AT_SIGNATURE) and the other
> > is for key encipherment (AT_EXCHANGE). (You can examine the key usage fields
> > through the Certificates MMC snap-in.)
> >
> > --
> > Walter Poupore [MS]
> > --
> > This posting is provided "As Is" with no warranties, and confers no
> > rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> >
> > "Pablo J. Royo" wrote:
> >
> > > Hello
> > >
> > > I have a PFX cert and key stored in my system, for which I must use
> > > AT_SIGNATURE in CryptGetUserKey( ) function to access it correctly. If I use
> > > AT_KEYEXCHANGE then this function fails, but this does not happen with
> > > other very similar certificates.
> > > Any idea what is this due to?
> > > I can't see what's the difference between AT_KEYEXCHANGE and
> > > AT_SIGNATURE.
> > > Thanks
>
>
>
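
The KeySpec lookup John Banes describes in the quoted reply, as an added example that is not part of the original thread: it lists, for each certificate with a private key, the KeySpec recorded with the key next to the certificate's key usage extension, so the two can be compared. It assumes Windows PowerShell 5.1 and keys held in a CryptoAPI CSP; `Get-CertKeySpec` is a name made up for this example.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 and
# CryptoAPI (CSP) keys. Get-CertKeySpec is a hypothetical helper name.
# Note: reading .PrivateKey opens the key and may show a PIN or consent prompt.
function Get-CertKeySpec {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    # .NET KeyNumber values match the CryptoAPI constants quoted in the thread.
    $names = @{ 1 = 'AT_KEYEXCHANGE'; 2 = 'AT_SIGNATURE' }

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            $cert = $_
            $row = [ordered]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                KeyUsage   = '(no key usage extension)'
                KeySpec    = $null
                Provider   = $null
                Container  = $null
            }

            # Key usage as stated in the certificate itself.
            $ku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
            }
            if ($ku) { $row.KeyUsage = $ku.KeyUsages.ToString() }

            try {
                # For CSP keys this is built from the prov key info property.
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                    $info = $key.CspKeyContainerInfo
                    $n = [int]$info.KeyNumber
                    $row.KeySpec   = '{0} ({1})' -f $names[$n], $n
                    $row.Provider  = $info.ProviderName
                    $row.Container = $info.KeyContainerName
                } else {
                    $row.KeySpec = 'not a CSP key'
                }
            } catch {
                # Key could not be opened through the CSP interface.
                $row.KeySpec = 'unreadable: ' + $_.Exception.Message
            }
            [pscustomobject]$row
        }
}

Get-CertKeySpec | Format-List
```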