Re: Callback function to handle CRYPT_USER_PROTECTED action
From: WT (wyt168_at_newsgroup.nospam)
Date: 09/14/05
- Previous message: ulevanon_at_gmail.com: "Re: Couldn't find the SignTool.exe in the PSDK.."
- In reply to: Rhett Gong [MSFT]: "RE: Callback function to handle CRYPT_USER_PROTECTED action"
- Next in thread: Rhett Gong [MSFT]: "Re: Callback function to handle CRYPT_USER_PROTECTED action"
- Reply: Rhett Gong [MSFT]: "Re: Callback function to handle CRYPT_USER_PROTECTED action"
Date: Wed, 14 Sep 2005 11:45:36 -0700
Hi, Rhett:
From the MSDN document on PFXImportCertStore regarding the
CRYPT_USER_PROTECTED flag, it states that "the user is to be notified
through a dialog box or other method when certain attempts to use this key
are made. The precise behavior is specified by the CSP being used". So it
appears that the underlying CSP would monitor the setting of the
CRYPT_USER_PROTECTED setting and prompt the user for the pwd. I don't know
how easy it is to hook a CSP but my guess is it prob. won't be an easy
task. It may be easier to write a custom wrapper CSP and intercept the calls,
do the work before the default MS base CSP is called. But the question is: what
CryptoSPI calls should I monitor and intercept? Any suggestions as to what
calls (relating to private key) to monitor?
Regards,
Winston
"Rhett Gong [MSFT]" <v-raygon@online.microsoft.com> wrote in message
news:$2A2qxDuFHA.3848@TK2MSFTNGXA01.phx.gbl...
> Hello Winston,
> I would say that there is no supported way to hook up a callback function
> for a cert protected by the CRYPT_USER_PROTECTED flag.
> But as a way, you may take a look at API hooking mechanics. I searched the
> web and found the following articles on API Hook:
> http://www.codeproject.com/system/hooksys.asp
> And "Windows NT System-Call Hooking", by Mark Russinovich and Bryce
> Cogswell, Dr. Dobb's Journal, January 1997
> http://www.ddj.com/documents/s=945/ddj9701e/
>
> Hope this helps.
>
> Rhett Gong [MSFT]
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp&SD=msdn
>
> This posting is provided "AS IS" with no warranties and confers no rights.
>
> This response contains a reference to a third-party World Wide Web site.
> Microsoft is providing this information as a convenience to you. Microsoft
> does not control these sites and has not tested any software or information
> found on these sites; therefore, Microsoft cannot make any representations
> regarding the quality, safety, or suitability of any software or information
> found there. There are inherent dangers in the use of any software found on
> the Internet, and Microsoft cautions you to make sure that you completely
> understand the risk before retrieving any software from the Internet.
>