Re: CryptoAPI migration from WinNT to Win2003 server

From: Eric (Eric_at_discussions.microsoft.com)
Date: 01/27/05

  • Next message: Michel Gallant: "Re: CryptoAPI migration from WinNT to Win2003 server" 
    Date: Thu, 27 Jan 2005 09:19:05 -0800

    Thanks Mitch...good info here. I wondered if the CryptGetProvParam was the
    call.

    Appreciate it.

    "Michel Gallant" wrote:

    > The keys are enumerated for the current user (as specified by default in the CryptAcquireContext() call).
    > The enumeration is provided by the CryptoAPI fn:
    > CryptGetProvParam(..) with dwParam = PP_ENUMCONTAINERS
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgetprovparam.asp
    >
    > Since details of how keycontainers are implemented (file system, registry etc..) are platform dependent,
    > and subject to change, the api call above manages those details internally (i.e. no explicit "keycontainer file" is specified).
    >
    > - Mitch
    >
    > "Eric" <Eric@discussions.microsoft.com> wrote in message news:6FAF5CD1-DFAC-46A9-ADCA-ED7F8D4B2642@microsoft.com...
    > > Hi Mitch-
    > >
    > > Took a look at your program. Wonder if I might inquire how you are pulling
    > > the key container from the file system? Are you just doing some file IO and
    > > grabbing the name of the files off the system for a particular profile?
    > >
    > > Thanks
    > >
    > > Eric
    > >
    > > "Michel Gallant" wrote:
    > >
    > > > If you have .NET runtime installed, here is a keycontainer utility
    > > > which might help:
    > > > http://www.jensign.com/JavaScience/dotnet/keypal
    > > >
    > > > - Mitch Gallant
    > > > MVP Security
    > > >
    > > > "CryptoAPI migration from WinNT to Win200" <CryptoAPI migration from WinNT to Win200@discussions.microsoft.com> wrote in message
    > > > news:D4FB2ADE-5F38-42B4-8D82-34A38FADFFC5@microsoft.com...
    > > > > Hello-
    > > > >
    > > > > Can anyone help me to understand how to enumerate through the key containers
    > > > > (for specific profiles) on a windows 2003 server?
    > > > >
    > > > > CryptAquireContext does grab the active key container, but if the system has
    > > > > multiple key containers for a particular user profile I am not seeing the
    > > > > solution to knowing/grabbing all the key containers? Where this would be
    > > > > benifical for me is for say the export process where I want to export
    > > > > multiple key containers to another system.
    > > > >
    > > > > There is a longer explination below if anyone is interested in greater
    > > > > detail of what I am trying to do.
    > > > >
    > > > > Any suggestions or help for things to look at for this software migrations
    > > > > would be greatly appreciated.
    > > > > Thanks
    > > > > ***************
    > > > >
    > > > > I currently am trying to migrate a program written durning the Windows NT
    > > > > 4.0 days to windows 2003 server. This program implements the CryptoAPI and
    > > > > WinReg api.
    > > > >
    > > > > Basically, the issue revolves around accessing the key containers on the
    > > > > system the application is installed on. For WinNT 4.0 the storage of the key
    > > > > containers was in the registry. So the program would enumerate through the
    > > > > registry space grabbing the key containers (ie in an export).
    > > > >
    > > > > Obviously, the key containers are stored in a different location (profile
    > > > > based on the file system) in the newer OS'es. It seems all the cryptoAPI
    > > > > calls still function correclty. My issue resides in the fact that I need to
    > > > > change how the cryptoAPI accesses the key containers (since the change was in
    > > > > registry access).
    > > > >
    > > >
    > > >
    > > >
    >
    >
    >

  • Next message: Michel Gallant: "Re: CryptoAPI migration from WinNT to Win2003 server"