[Continued] How to export Certificate and Private Key as a PFX fi
From: RelyKY (RelyKY_at_discussions.microsoft.com)
Date: 09/30/04
Date: Wed, 29 Sep 2004 19:53:02 -0700
Previous Question (9/23):
> Dear all:
> I made an RSA key pair with the Crypto API and stored it on the PC. Then I
> signed the corresponding certificate with the CSR file generated from the
> RSA key pair.
> I then used the Crypto API function "CertAddCertificateContextToStore()" to
> enroll the certificate in the certificate store on the PC. Before enrolling,
> I had used the API "CertSetCertificateContextProperty()" to set the property
> "CERT_KEY_PROV_INFO_PROP_ID", in order to relate the certificate to the key
> pair.
>
> Then, viewing the certificate on the PC (using the IE browser), the
> certificate viewer shows "The Certificate has a corresponding private
> key.". But when I want to save/export it as a PFX file (using the
> certificate viewer), it says "Can't find the related private key.".
>
> Do you know what step I am missing?
> Thanks so much!
>
Dear ALL:
Thank you first. I have read the reply.
Well, my private key can be exported. I call the APIs
"CryptAcquireContext", "CryptGetUserKey" and "CryptExportKey" to export a
"PRIVATEKEYBLOB". That ensures the private key is exportable.
I also call "CertGetCertificateContextProperty(
...CERT_KEY_PROV_INFO_PROP_ID... )" and use the
data returned in the CRYPT_KEY_PROV_INFO structure as parameters to
CryptAcquireContext, and it works normally.
However, calling "CryptAcquireCertificatePrivateKey()" always fails
when I want to acquire the CSP provider context with an indicated certificate. I
think I made a mistake filling in the parameter for the call to the
API "CertSetCertificateContextProperty". The following is the code where I fill in
"CERT_KEY_PROV_INFO".
//================================================================
//## set provider information
CRYPT_KEY_PROV_INFO keyProvInfo;
keyProvInfo.pwszContainerName = (LPWSTR) "My Key Storage"; //<---[I fill a multi-character string. Is it right?]
keyProvInfo.pwszProvName = (LPWSTR) "Microsoft Enhanced Cryptographic Provider v1.0";
keyProvInfo.dwKeySpec = AT_SIGNATURE;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwFlags = 0;
if( !::CertSetCertificateContextProperty(
        pCertCtx,
        CERT_KEY_PROV_INFO_PROP_ID,
        0,
        &keyProvInfo))
{
    throw ::GetLastError();
}
//## register certificate to certificate store.
if(NULL == (hCertStore = ::CertOpenSystemStore(NULL, sCertStoreName)))
    throw ::GetLastError();
//
if( !::CertAddCertificateContextToStore(
        hCertStore,
        pCertCtx,
        CERT_STORE_ADD_REPLACE_EXISTING,
        &pCertCtx2)) //<--- return a new certificate context
{
    throw ::GetLastError();
}
//##...test................
HCRYPTPROV hCryptProv = NULL;
DWORD dwKeySpec = 0;
BOOL fCallerFreeProv = FALSE;
BOOL rv = ::CryptAcquireCertificatePrivateKey(
        pCertCtx2, //<---[use this certificate to acquire the corresponding provider context.]
        CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
        NULL,
        &hCryptProv,
        &dwKeySpec,
        &fCallerFreeProv);
dwErrCode = ::GetLastError();
//#define CRYPT_E_NO_KEY_PROPERTY _HRESULT_TYPEDEF_(0x8009200BL) <---[this is the error code.]
//================================================================
Do you know what step I am missing? And what is the condition for
"CryptAcquireCertificatePrivateKey()" to work normally?
Thanks so much!
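
On the inline question in the code above: pwszContainerName and pwszProvName are wide-string (LPWSTR) fields, and a cast changes only the pointer type, not the bytes, so on Windows the name would be written as the literal L"My Key Storage". The portable C model below is an added example, not part of the original post; it shows what a wide-string reader sees when handed the cast narrow literal. WCHAR16, widen_ascii and read_as_wide are names assumed here, with uint16_t standing in for the Windows WCHAR.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t WCHAR16; /* assumed stand-in for Windows WCHAR (UTF-16 unit) */

/* Correct widening of an ASCII name: one 16-bit unit per character plus a
   16-bit terminator. Returns the unit count, or -1 if it does not fit or
   the input is not plain ASCII. */
int widen_ascii(const char *s, WCHAR16 *out, size_t cap)
{
    size_t n = strlen(s);
    if (n + 1 > cap) return -1;
    for (size_t i = 0; i < n; i++) {
        if ((unsigned char)s[i] > 0x7F) return -1;
        out[i] = (WCHAR16)(unsigned char)s[i];
    }
    out[n] = 0;
    return (int)n;
}

/* Model of a reader given (LPWSTR)"narrow": each byte pair becomes one
   little-endian 16-bit unit. Reading stops at a zero unit or at the end of
   the buffer; *terminated is 1 only if a 16-bit NUL lies inside the buffer. */
int read_as_wide(const char *buf, size_t nbytes, WCHAR16 *out, size_t cap,
                 int *terminated)
{
    size_t n = 0;
    *terminated = 0;
    for (size_t i = 0; i + 1 < nbytes && n < cap; i += 2) {
        WCHAR16 u = (WCHAR16)((unsigned char)buf[i] |
                              ((unsigned char)buf[i + 1] << 8));
        if (u == 0) { *terminated = 1; break; }
        out[n++] = u;
    }
    return (int)n;
}

int main(void)
{
    const char name[] = "My Key Storage"; /* container name from the post */
    WCHAR16 good[32], seen[32];
    int term;
    int ng = widen_ascii(name, good, 32);
    int ns = read_as_wide(name, sizeof name, seen, 32, &term);
    printf("widened: %d units, first 0x%04X\n", ng, (unsigned)good[0]);
    printf("miscast: %d units, first 0x%04X, NUL in bounds: %d\n",
           ns, (unsigned)seen[0], term);
    return 0;
}
```

For the name in the post the model yields 7 garbled units instead of 14, and no 16-bit terminator inside the 15-byte literal, so a real wide-string reader would continue into adjacent memory.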