Re: CPSignHash error 80090008
From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 12/22/04
- Previous message: lelteto: "Re: CPSignHash error 80090008"
- In reply to: Doug Barlow: "Re: CPSignHash error 80090008"
- Next in thread: lelteto: "Re: CPSignHash error 80090008"
Date: Wed, 22 Dec 2004 14:19:03 -0800
I don't think the RSA FULL provider will understand / allow CALG_SSL3_SHAMD5
as the hash algo. That's why I assumed Ian needs the RSA SSL provider
downstream.
Laszlo Elteto
SafeNet, Inc.
"Doug Barlow" wrote:
> One thing I noticed in your earlier code examples was that in your
> CPAcquireContext routine, you didn't pass the pszContainer parameter to the
> CryptAcquireContext call -- you substituted NULL. This means the keys you
> are using are coming from the default container instead of the container
> named by the certificate information. This could explain the confusion over
> which keyset is to be used, and the signature validation errors.
>
> Laszlo's earlier excellent information on using the PROV_RSA_SCHANNEL
> provider type really only applies to web servers; since it now looks like
> you're trying to do client-side authentication, the PROV_RSA_FULL provider
> type is fine.
>
> Doug Barlow
> The Soft Pedal Shop
> CSP Design & Development Consulting
> http://www.SoftPedal.net
>
> --
> "iandoll" <iandoll@yahoo.com> wrote in message
> news:1103742538.944353.151990@z14g2000cwz.googlegroups.com...
> > Thanks Doug,
> >
> > I have used AT_SIGNATURE (2), but when I put AT_KEYEXCHANGE (1) then
> > there is NO Error!
> > What should I use in case of client authentication?
> >
> > And at first look everything is working fine, except that I got
> > "page cannot be displayed".
> > So, I didn't get to the https site :) The following functions are called
> > (in this order), and every call seems to be ok.
> >
> > - CPAcquireContext
> > - CPCreateHash (ALG_ID=0x00008008)
> > - CPSetHashParam (dwParam=0x2)
> > - CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE) returns 128 as size
> > - CPSignHash (dwKeySpec=0x1 <-- AT_KEYEXCHANGE, *pcbSigLen=128);
> >   pbSignature has some value
> > - CPDestroyHash
> > - CPReleaseContext
> >
> > After that I get "The page cannot be displayed" in IE. When I try with
> > the same cert, but using the default CSP, then everything is working fine.
> >
> > Here is the code showing how I tell the certificate to use my CSP; maybe
> > the problem is in it:
> >
> > pCertContext = ... load CERT ...
> >
> > CRYPT_KEY_PROV_INFO keyProv;
> > memset(&keyProv, 0, sizeof(CRYPT_KEY_PROV_INFO));
> >
> > keyProv.pwszProvName = L"MyCSP Provider";
> > keyProv.dwProvType = PROV_RSA_SCHANNEL;
> > //keyProv.dwKeySpec = AT_SIGNATURE;
> > keyProv.dwKeySpec = AT_KEYEXCHANGE;
> >
> > if (!CertSetCertificateContextProperty(
> >         pCertContext,
> >         CERT_KEY_PROV_INFO_PROP_ID,
> >         CERT_STORE_NO_CRYPT_RELEASE_FLAG, //CERT_STORE_NO_CRYPT_RELEASE_FLAG
> >         &keyProv)) {
> >     printf("ERROR:CertSetCertificateContextProperty:[%x]\n",GetLastError());
> > }
> >
> > Now, when I go to the desired HTTPS site, Windows loads my client
> > certificate (for this site) and invokes MyCSP.
> >
> > Is this everything I need to do, or should something else be done?
> > Thanks,
> > Ian
> >
>
>
>
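Added example, not code from any poster in this thread: portable C showing what a CSP's CPSignHash has to hand back for ALG_ID 0x00008008 (CALG_SSL3_SHAMD5) and a 128-byte key. The 36-byte MD5 || SHA-1 value is padded as a PKCS#1 v1.5 type-1 block with no DigestInfo, and the RSA result is byte-reversed because CryptoAPI signatures are little-endian. The names `sign_shamd5`, `build_shamd5_block`, `rsa_private_fn` and `identity_private_op` are hypothetical; the identity function is a constructed stand-in for a real private-key operation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHAMD5_LEN 36u   /* CALG_SSL3_SHAMD5 value: 16-byte MD5 || 20-byte SHA-1 */
#define MAX_MOD    512u  /* assumption: moduli up to 4096 bits */

/* Hypothetical hook for the raw RSA private-key operation (token, HSM, ...). */
typedef int (*rsa_private_fn)(const uint8_t *in, uint8_t *out, size_t len);

/* Constructed stand-in so the block runs without a key: copies input to output. */
int identity_private_op(const uint8_t *in, uint8_t *out, size_t len)
{
    memcpy(out, in, len);
    return 0;
}

/* PKCS#1 v1.5 type-1 block for the SSL3 hash: 00 01 FF..FF 00 || hash.
 * No DigestInfo is prepended. Returns 0, or -1 on bad lengths. */
int build_shamd5_block(const uint8_t *hash, size_t hash_len,
                       uint8_t *em, size_t mod_len)
{
    if (!hash || !em || hash_len != SHAMD5_LEN || mod_len < hash_len + 11)
        return -1;
    size_t pad = mod_len - hash_len - 3;   /* at least 8 bytes of 0xFF */
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, pad);
    em[2 + pad] = 0x00;
    memcpy(em + 3 + pad, hash, hash_len);
    return 0;
}

/* Two-call pattern: sig == NULL reports the size; otherwise sign.
 * Returns 0 on success, -2 if the buffer is too small, -1 on other errors. */
int sign_shamd5(const uint8_t *hash, size_t hash_len, size_t mod_len,
                rsa_private_fn priv, uint8_t *sig, size_t *sig_len)
{
    uint8_t em[MAX_MOD];
    if (!sig_len || !priv || mod_len > MAX_MOD) return -1;
    if (!sig) { *sig_len = mod_len; return 0; }
    if (*sig_len < mod_len) { *sig_len = mod_len; return -2; }
    if (build_shamd5_block(hash, hash_len, em, mod_len) != 0) return -1;
    if (priv(em, sig, mod_len) != 0) return -1;
    for (size_t i = 0, j = mod_len - 1; i < j; i++, j--) {  /* big- to little-endian */
        uint8_t t = sig[i]; sig[i] = sig[j]; sig[j] = t;
    }
    *sig_len = mod_len;
    return 0;
}
```

With the identity stand-in the output is simply the reversed padded block, which makes the layout easy to inspect before wiring in a real key operation.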