RE: How to determin a cert in personal store does have private key

From: cyberninja (cyberninja_at_discussions.microsoft.com)
Date: 09/30/04 

Date: Wed, 29 Sep 2004 17:13:03 -0700

Yes, I think CryptAcquireCertificatePrivateKey is implemented in that way.
If I just want to browse the certs in "MY" store who have a private key, I
can simply check CERT_KEY_PROV_INFO_PROP_ID and CERT_KEY_CONTEXT_PROP_ID.

cyberninja

"lelteto" wrote:

> Yes, you can open the container with CryptAcquireContext - but than again you
> actually GET the private key (well, at least a handle to it) calling
> CryptGetUserKey.
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "cyberninja" wrote:
>
> > I think after fetching CERT_KEY_PROV_INFO_PROP_ID from a cert in "My" store,
> > if we can get the current key container via
> > CertGetCertificateContextProperty(), we can determine whether the cert has a
> > private key.
> > Is that right?
> >
> > Thanks
> >
> >
> >
> > "cyberninja" wrote:
> >
> > > From MSDN "
> > > CERT_KEY_PROV_HANDLE_PROP_ID, CERT_KEY_PROV_INFO_PROP_ID, and
> > > CERT_KEY_CONTEXT_PROP_ID
> > > These properties tie a certificate to a particular CSP and, within that CSP,
> > > to a particular private key."
> > >
> > > However, I don't know if I can use the existance of 0-3 of the above prop
> > > ids to determine if a private key is available. In my basic test, it seems
> > > that CERT_KEY_PROV_INFO_PROP_ID is requried for a cert with provate key. Is
> > > that right?
> > >
> > > "cyberninja" wrote:
> > >
> > > > How to determin a cert in personal store does have private key? I know I an
> > > > use CryptAcquireCertificatePrivateKey(), but is there an alternative way to
> > > > do this? (just check if the private key exists)
> > > >
> > > > Thanks

Relevant Pages

  • Re: How do you associate private key with import cert?
    ... IE certificates panel and Certs snapin use. ... panel is that the IE display is filtered (i.e. in MY store, ... and select to include the private key (only possible if the private key has ...
    (microsoft.public.dotnet.security)
  • Signed XML Private Key X509 Certificate WSE 2.0 IssueErrors
    ... XML downstream to their server. ... certificate private key and then send a version of that certificate ... downstream with the public key so that the client can validate the signature. ... All certs ...
    (microsoft.public.dotnet.security)
  • Re: Signed XML Private Key X509 Certificate WSE 2.0 IssueErrors
    ... I might not even use certs. ... Why not load your private key via your private ... .snk file and sign the xml with that. ... The client can grab the public key ...
    (microsoft.public.dotnet.security)
  • Re: importing certificate into "my" store
    ... The usual place to install others certificates (not including root CA certs) is in the "Other" ... certificate store. ... an associated private key, and which are invalid for other reasons (however MMC Certs SnapIn ...
    (microsoft.public.platformsdk.security)
  • Re: WSE2.0--need valid X.509 certs created with Makecert
    ... ASPNET on the certificate's private key file. ... X.509 certs supplied with the WSE2.0 SP2 SDK. ... --the web service will be consumed internally ... The problem I'm having is that the certs I've created so far with Makecert ...
    (microsoft.public.dotnet.framework.webservices.enhancements)