AcquireCredentialsHandle (Schannel) -- please HELP!

igorchirkov2005_at_yahoo.com
Date: 03/14/05


Date: 14 Mar 2005 11:14:08 -0800

Please help!!! I've been banging my head against the wall for 2 weeks.
I read all relevant MSDN documentation, I searched this group
thoroughly but I couldn't find any useful information.

1. I create a certificate programmatically in the LOCAL MACHINE store
("ROOT" or "MY", doesn't matter).

2. I DO set the CRYPT_KEY_PROV_INFO.

3. Now I can access the private key of the newly created certificate by
reading CRYPT_KEY_PROV_INFO and calling CryptAcquireContext() and then
CryptGetUserKey().

4. BUT I CANNOT access the private key directly by calling
CryptAcquireCertificatePrivateKey() which I believe does step 3
internally.

5. Most importantly, AcquireCredentialsHandle() also fails to access
the private key which I understand also does step 3 internally. Why
such inconsistency?

6. I am creating and accessing this certificate under the same account
which is a member of the local admin group.

But! If I create the same certificate in the CURRENT USER store, there
are no such problems and everything works just fine.

Are there any special considerations when creating a cert in the LOCAL
MACHINE store? Does it need to be ACLed in some tricky way?

I can physically access (open, read, delete) the private key file
created in the machine keyset which is in the "All users" profile.
Which seems logical because it is MY key. I CREATED IT! But Schannel
can't access it! Please help!
What am I doing wrong?


