Re: CPSignHash error 80090008

From: iandoll (iandoll_at_yahoo.com)
Date: 12/22/04


Date: 22 Dec 2004 11:08:58 -0800

Thanks Doug,

I have used AT_SIGNATURE (2), but when I put AT_KEYEXCHANGE (1) then
there is NO error!
What should I use in case of client authentication?

At first look everything seems to work fine, except that I got
"page cannot be displayed".
So, I didn't get to the https site :) The following functions are called
(in this order), and every call seems to be OK.

- CPAcquireContext
- CPCreateHash (ALG_ID=0x00008008)
- CPSetHashParam (dwParam=0x2)
- CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE) returns 128 as size
- CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE, *pcbSigLen=128),
  pbSignature has some value
- CPDestroyHash
- CPReleaseContext

After that I get "The page cannot be displayed" in IE. When I try with
the same cert, but using the default CSP, then everything works fine.

Here is the code showing how I tell the certificate to use my CSP; maybe
the problem is in it:

pCertContext = ... load CERT ...

CRYPT_KEY_PROV_INFO keyProv;
/* Zero every field; pwszContainerName and dwFlags stay NULL/0. */
memset(&keyProv, 0, sizeof(CRYPT_KEY_PROV_INFO));

keyProv.pwszProvName = L"MyCSP Provider";
keyProv.dwProvType = PROV_RSA_SCHANNEL;
//keyProv.dwKeySpec = AT_SIGNATURE;
keyProv.dwKeySpec = AT_KEYEXCHANGE;

/* Attach the provider info to the certificate context. */
if (!CertSetCertificateContextProperty(
        pCertContext,
        CERT_KEY_PROV_INFO_PROP_ID,
        CERT_STORE_NO_CRYPT_RELEASE_FLAG,  /* dwFlags */
        &keyProv)) {
    printf("ERROR:CertSetCertificateContextProperty:[%lx]\n", GetLastError());
}

Now, when I go to the desired HTTPS site, Windows loads my client
certificate (for this site) and invokes MyCSP.

Is this everything I need to do, or should something else be done?
Thanks,
 Ian
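
Added example, not part of the original post and not code from any CSP: an offline check of a buffer returned by CPSignHash for the hash created above, where ALG_ID 0x00008008 is CALG_SSL3_SHAMD5 and dwParam 0x2 is HP_HASHVAL. It relies on two CryptoAPI conventions: this hash is signed as a PKCS#1 type 1 block with no DigestInfo, and the signature is returned in little-endian byte order. The key is a constructed demo key (141 bytes, not the 128-byte key from the post) and all function names are hypothetical.

```python
import hashlib

# Constructed demo key (NOT secure): two Mersenne primes, used only so the
# example runs offline. Substitute the certificate's real modulus/exponent.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def ssl3_shamd5(data: bytes) -> bytes:
    """36-byte MD5 || SHA-1 value, as set on the hash with HP_HASHVAL."""
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


def reference_sign(hash36: bytes) -> bytes:
    """Reference result: PKCS#1 type 1 block without DigestInfo, RSA
    private-key operation, output reversed to little-endian."""
    block = b"\x00\x01" + b"\xff" * (K - 3 - len(hash36)) + b"\x00" + hash36
    sig = pow(int.from_bytes(block, "big"), D, N)
    return sig.to_bytes(K, "little")


def check_signature(sig: bytes, hash36: bytes) -> str:
    """Classify a buffer returned by CPSignHash (hypothetical helper)."""
    if len(sig) != K:
        return "wrong length"
    for order in ("little", "big"):
        # RSA public-key operation recovers the padded block.
        m = pow(int.from_bytes(sig, order), E, N).to_bytes(K, "big")
        pad, _, tail = m[2:].partition(b"\x00")
        well_formed = (m[:2] == b"\x00\x01" and len(pad) >= 8
                       and set(pad) == {0xFF})
        if well_formed and tail == hash36:
            return "ok" if order == "little" else "byte order not reversed"
        if well_formed and order == "little":
            return "padding ok, wrong hash or DigestInfo present"
    return "bad padding or wrong key"
```
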


