Decryption using private key from cert store failing with err 8009

From: scott (sjumsdn_at_newsgroup.nospam)
Date: 02/14/05 

Date: Sun, 13 Feb 2005 21:27:02 -0800

I am trying to decrypt using the private key associated with a cert in the
Windows cert store on XP Pro/.net 2003. I get the following error:

CryptDecrypt failed.
Error number 80090005.

Can anyone tell me what I am doing wrong?

Here is my sample program:

#include <iostream>
#include <tchar.h>
#include <windows.h>
#include <wincrypt.h>

using namespace std;

#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

static void MyHandleError(char *s)
{
    DWORD err = 0;

    err = GetLastError();
    fprintf(stderr,"An error occurred in running the program. \n");
    fprintf(stderr,"%s\n",s);
    fprintf(stderr, "Error number %x.\n", err);
    fprintf(stderr, "Program terminating. \n");
    exit(1);
} // end MyHandleError

int _tmain(int argc, _TCHAR* argv[])
{
    DWORD error = 0;
    PCCERT_CONTEXT pCert = NULL;
    HCERTSTORE hCertStore = NULL;
    HCRYPTPROV hCryptProv = NULL;
    DWORD dwKeySpec = 0;
    DWORD dwCount = 0;
    BOOL fCallerFreeProv = FALSE;
    HCRYPTKEY hPrivKey = NULL;
    BYTE* buf = NULL;

    enum
    {
        MY_BUFSIZE=(32*1024)
       ,MY_DATASIZE=(128)
    };
    buf = new BYTE[MY_BUFSIZE];
    if (!buf)
    {
        MyHandleError("malloc failed.");
    }
    memset(buf, 'A', MY_DATASIZE); // plaintext < bufsize

    //--------------------------------------------------------------------
    // Open My cert store
        if(hCertStore = CertOpenStore(
                CERT_STORE_PROV_SYSTEM, // system store will be a
                                                                // virtual store
                0, // encoding type not needed with this PROV
                NULL, // accept the default HCRYPTPROV
                CERT_SYSTEM_STORE_CURRENT_USER, // set the system store location in the
                                                                // registry
                L"My")) // could have used other predefined
                                                                // system stores
                                                                // including My, Trust, CA, or Root
        {
                // good
        }
        else
        {
                MyHandleError("CertOpenStore failed.");
        }

    //--------------------------------------------------------------------
    // Get the cert for our key pair.
        if(pCert=CertFindCertificateInStore(
                hCertStore, // hCertStore
                MY_ENCODING_TYPE, // use X509_ASN_ENCODING
                0, // no dwFindFlags needed
                CERT_FIND_SUBJECT_STR, // find a certificate with a
                                                        // subject that matches the string
                                                                        // in the next parameter
                L"*.xypro.com", // pvFindPara
                                                                            // in a certificate's subject
            NULL)) // NULL for the first call to the
                                    // function; in all subsequent
                                                                        // calls, it is the last pointer
                                                                        // returned by the function.
        {
        // good
    }
        else
        {
                MyHandleError("CertFindCertificateInStore failed.");
        }

    //--------------------------------------------------------------------
    // Get the handle to hCryptProv (CSP).
    if(!( CryptAcquireCertificatePrivateKey(
        pCert, // pCert
        0, // dwFlags
        NULL, // pvReserved
        &hCryptProv, // phCryptProv
        &dwKeySpec, // pdwKeySpec
        &fCallerFreeProv))) // pfCallerFreeProv
    {
        MyHandleError("CryptAcquireCertificatePrivateKey failed");
    }

    //--------------------------------------------------------------------
    // Get the handle to the private key.
    if(CryptGetUserKey(
        hCryptProv, // hProv
        AT_KEYEXCHANGE, // dwKeySpec
        &hPrivKey)) // out, phUserKey
    {
        //printf("The signature key has been acquired. \n");
    }
    else
    {
        MyHandleError("CryptGetUserKey AT_KEYEXCHANGE failed.");
    }

    dwCount = MY_DATASIZE;
    dwCount = MY_DATASIZE;
    //--------------------------------------------------------------------
    // Decrypt data.

    if(CryptDecrypt(
        hPrivKey, // hKey
        0, // hHash
        TRUE, // BOOL, Final
        0, // dwFlags
        buf, // in, out, pbData
        &dwCount)) // in, out, pdwDataLen
    {
        // good
        printf("Ciphertext has %d bytes\n", dwCount);
    }
    else
    {
        MyHandleError("CryptEncrypt failed.");
    }

    // Clean up.
    CertFreeCertificateContext(pCert);
    CryptReleaseContext(hCryptProv, 0);
    CertCloseStore( hCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
    delete [] buf;

    return 0;
}

Loading