Re: CPSignHash error 80090008

From: Doug Barlow (soft_pedal_at_hotmail.com)
Date: 12/22/04


Date: Wed, 22 Dec 2004 21:54:26 GMT

One thing I noticed in your earlier code examples was that in your
CPAcquireContext routine, you didn't pass the pszContainer parameter to the
CryptAcquireContext call -- you substituted NULL. This means the keys you
are using are coming from the default container instead of the container
named by the certificate information. This could explain the confusion over
which keyset is to be used, and the signature validation errors.

Lazlo's earlier excellent information on using the PROV_RSA_SCHANNEL
provider type really only applies to web servers; since it now looks like
you're trying to do client-side authentication, the PROV_RSA_FULL provider
type is fine.

Doug Barlow
The Soft Pedal Shop
CSP Design & Development Consulting
http://www.SoftPedal.net

-- 
"iandoll" <iandoll@yahoo.com> wrote in message 
news:1103742538.944353.151990@z14g2000cwz.googlegroups.com...
> Thanks Doug,
>
> I have used AT_SIGNATURE (2), but when I put AT_KEYEXCHANGE (1) then
> there is NO Error!
> What should I use in case of client authentication?
>
> And on the first look everything working fine, except that I got
> "page cannot be displayed"
> So, I didn't get to https site :) Following functions are called (in
> this order), and every call seems to be ok.
>
> - CPAcquireContext
> - CPCreateHash (ALG_ID=0x00008008)
> - CPSetHashParam (dwParam=0x2)
> - CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE) returns 128 as size
> - CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE, *pcbSigLen=128)
> pbSignature has some value
> - CPDestroyHash
> - CPReleaseContext
>
> After that I get "The page cannot be displayed" in IE. When I try with
> same cert,
> but using default CSP, then everything working fine.
>
> Here is code how I tell certificate to use my CSP, maybe is problem in
> it:
>
> pCertContext = ... load CERT ...
>
> CRYPT_KEY_PROV_INFO keyProv;
> memset(&keyProv, 0, sizeof(CRYPT_KEY_PROV_INFO));
>
> keyProv.pwszProvName = L"MyCSP Provider";
> keyProv.dwProvType  = PROV_RSA_SCHANNEL;
> //keyProv.dwKeySpec = AT_SIGNATURE;
> keyProv.dwKeySpec = AT_KEYEXCHANGE;
>
> if (!CertSetCertificateContextProperty(
> pCertContext,
> CERT_KEY_PROV_INFO_PROP_ID,
> CERT_STORE_NO_CRYPT_RELEASE_FLAG, //CERT_STORE_NO_CRYPT_RELEASE_FLAG
> &keyProv)) {
> printf("ERROR:CertSetCertificateContextProperty:[%x]\n",GetLastError());
> }
>
> Now, when I go to desired HTTPS, windows loads my client certificate
> (for this site) and invoke MyCSP.
>
> Is this everything what I need to do, or something else should be done?
> Thanks,
> Ian
>
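
The container mix-up described in the reply above, as an added example that is not part of the original thread: a portable C model (no Windows headers) of a wrapper CSP's acquire step, with the NULL-substituting version beside one that forwards the name. The store contents, container names, key ids and function names are constructed for illustration; `base_acquire` stands in for the underlying CryptAcquireContext call.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the underlying provider's key store: each
   container holds one key pair, identified here by a fingerprint string. */
struct container { const char *name; const char *key_id; };

static const struct container store[] = {
    { "default-user",    "key-AAAA" }, /* what a NULL container name selects */
    { "ian-client-cert", "key-BBBB" }, /* container named by the cert's key info */
};

/* Model of the underlying acquire call: NULL selects the default container,
   any other name must match exactly or the lookup fails (bad keyset). */
static const struct container *base_acquire(const char *name)
{
    if (name == NULL)
        return &store[0];
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++)
        if (strcmp(store[i].name, name) == 0)
            return &store[i];
    return NULL;
}

/* Wrapper as described in the reply: pszContainer is dropped and NULL is
   substituted, so every caller lands in the default container. */
const struct container *wrapper_acquire_buggy(const char *pszContainer)
{
    (void)pszContainer;
    return base_acquire(NULL);
}

/* Corrected wrapper: forward the caller's container name unchanged. */
const struct container *wrapper_acquire_fixed(const char *pszContainer)
{
    return base_acquire(pszContainer);
}

/* Returns 1 when the key the wrapper would sign with is the key that the
   certificate's public key belongs to, 0 otherwise. */
int signs_with_cert_key(const struct container *(*acquire)(const char *),
                        const char *cert_container, const char *cert_key_id)
{
    const struct container *c = acquire(cert_container);
    return c != NULL && strcmp(c->key_id, cert_key_id) == 0;
}
```

In this model the NULL-substituting wrapper also succeeds for a container name that does not exist, so the acquire call itself gives no sign of the mismatch; it only shows up later when the signature is checked against the certificate's public key.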