Custom CSP in Office 2003?



I've developed a custom CSP (with private key stored on smartcard).
Using it through CryptoAPI, everything works fine. I've also signed
documents successfully with it using Acrobat Writer, and the SignedData
sample HTML page in CAPICOM 2.0.

However, in Office 2003 (tested using Word and Excel), I found my CSP
isn't called at all - the data I logged in DLLMain never appears. Is
there any requirement for a custom CSP to be used in Office 2003?

How can I debug the problem? I suspect something is wrong in how I link
up the certificate to my custom CSP?

Thank you for your attention.



Here's information about my CSP:

Provider type is PROV_RSA_SIG.
CALG_SHA1 is the only supported hashing algorithm.
CALG_RSA_SIGN is the only supported signing algorithm.
Encryption/Decryption are naturally not supported.

The testing environment is a Windows XP Prof. SP2 running in VMWare,
kernel debugged via named pipe by the hosting machine (which is a XP
Prof. SP2 itself).

These registry entries are written by my CSP DLL's DllRegisterServer, all
under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\<CSP provider name>:
  (the key itself)
  Image Path = ...
  SigInFile = 0
  Signature = ...
  Type = 2

Here's how I register the certificate into system cert store:

#include <windows.h>
#include <wincrypt.h>
#include <tchar.h>
#include <stdio.h>
#include <io.h>
#include <new>

// Build assumes UNICODE: CertOpenSystemStore is handed an L"" string, and the
// friendly-name and key-provider-info properties require Unicode strings.
// provName must match the CSP's subkey name under
// HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider exactly, and
// PROV_TYPE must match that key's "Type" value (2 = PROV_RSA_SIG).
#define PROV_TYPE PROV_RSA_SIG

int ImportCertificate(LPCTSTR certPath, LPCWSTR friendlyName, LPWSTR provName)
{
    HCERTSTORE certStore = NULL;
    FILE *certFile = NULL;
    long certSize = 0;
    BYTE *cert = NULL;
    PCCERT_CONTEXT addedCertContext = NULL;
    int result = 0;

    do {
        // Open the current user's personal ("MY") store
        certStore = CertOpenSystemStore(NULL, L"MY");
        if (certStore == NULL) {
            _tprintf(_T("Unable to access certificate store: 0x%08x.\n"), GetLastError());
            result = 1;
            break;
        }
        // Read in the DER-encoded certificate file
        certFile = _tfopen(certPath, _T("rb"));
        if (certFile == NULL) {
            _tprintf(_T("Certificate file %s unreadable: 0x%08x.\n"), certPath, GetLastError());
            result = 1;
            break;
        }
        certSize = _filelength(_fileno(certFile));
        if (certSize <= 0) {
            _tprintf(_T("Certificate file %s is likely not a valid certificate.\n"), certPath);
            result = 1;
            break;
        }
        // nothrow form so the NULL check below is meaningful in standard C++
        cert = new (std::nothrow) BYTE[certSize];
        if (cert == NULL) {
            _tprintf(_T("Insufficient memory.\n"));
            result = 1;
            break;
        }
        certSize = (long) fread(cert, sizeof(BYTE), certSize, certFile);
        if (certSize == 0) {
            _tprintf(_T("Certificate file %s is likely not a valid certificate.\n"), certPath);
            result = 1;
            break;
        }
        // Add the encoded certificate directly. This is equivalent to
        // CertCreateCertificateContext() followed by
        // CertAddCertificateContextToStore() on the resulting context.
        if (!CertAddEncodedCertificateToStore(certStore, X509_ASN_ENCODING,
                cert, certSize, CERT_STORE_ADD_REPLACE_EXISTING, &addedCertContext)) {
            _tprintf(_T("Certificate cannot be added to certificate store: 0x%08x.\n"),
                GetLastError());
            result = 1;
            break;
        }

        // Modify newly added certificate's properties.
        // Friendly name: null-terminated Unicode string, byte length includes the terminator.
        CRYPT_DATA_BLOB nameBlob;
        nameBlob.cbData = (DWORD) ((wcslen(friendlyName) + 1) * sizeof(WCHAR));
        nameBlob.pbData = (BYTE*) friendlyName;
        if (!CertSetCertificateContextProperty(addedCertContext,
                CERT_FRIENDLY_NAME_PROP_ID, 0, &nameBlob)) {
            _tprintf(_T("Unable to modify certificate friendly name property: 0x%08x.\n"),
                GetLastError());
            result = 1;
            break;
        }
        // Key provider info: this is what links the certificate to the CSP. A signing
        // application reads it and calls CryptAcquireContext(pwszContainerName,
        // pwszProvName, dwProvType, dwFlags) and then uses dwKeySpec.
        CRYPT_KEY_PROV_INFO CryptKeyProvInfo;
        ZeroMemory(&CryptKeyProvInfo, sizeof(CryptKeyProvInfo));
        CryptKeyProvInfo.pwszProvName = provName;
        CryptKeyProvInfo.pwszContainerName = NULL;   // NULL = the CSP's default container
        CryptKeyProvInfo.dwProvType = PROV_TYPE;
        CryptKeyProvInfo.dwFlags = 0;
        CryptKeyProvInfo.cProvParam = 0;
        CryptKeyProvInfo.rgProvParam = NULL;
        CryptKeyProvInfo.dwKeySpec = AT_SIGNATURE;
        if (!CertSetCertificateContextProperty(addedCertContext,
                CERT_KEY_PROV_INFO_PROP_ID, 0, &CryptKeyProvInfo)) {
            _tprintf(_T("Unable to modify certificate provider information property: 0x%08x.\n"),
                GetLastError());
            result = 1;
            break;
        }
        // Completed
        _tprintf(_T("Certificate %s imported to system certificate store and set to use CSP %s.\n"),
            certPath, provName);
        result = 0;
    } while (FALSE);

    // Release resources in reverse order of acquisition
    if (addedCertContext != NULL) CertFreeCertificateContext(addedCertContext);
    delete[] cert;
    if (certFile != NULL) fclose(certFile);
    if (certStore != NULL) CertCloseStore(certStore, 0);
    return result;
}
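A check, added here and not part of the original post, that reproduces what a signing application does with the imported certificate: it walks CurrentUser\MY and, for every certificate that carries CERT_KEY_PROV_INFO, acquires the private key through .NET's X509Certificate2 (which calls CryptAcquireContext with the provider name, provider type and container stored on the certificate) and reports which CSP actually answered. It assumes PowerShell 2.0 or later and .NET 2.0 are installed on the test machine.

```powershell
# Added diagnostic (not from the original post): for each certificate in
# CurrentUser\MY that is linked to a key provider, try to open that provider
# exactly as a signing application would and print the outcome.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "CurrentUser")
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

foreach ($cert in $store.Certificates) {
    $subject = $cert.Subject
    # HasPrivateKey only reports that CERT_KEY_PROV_INFO_PROP_ID is set on the
    # certificate; it does not prove the named CSP is installed or loadable.
    if (-not $cert.HasPrivateKey) {
        Write-Output "SKIP   $subject : no key provider info on the certificate"
        continue
    }
    try {
        # Reading PrivateKey performs CryptAcquireContext with the stored
        # provider name, provider type and container name, so a failure here
        # is the same failure Office would hit when it tries to sign.
        $key  = $cert.PrivateKey
        $info = $key.CspKeyContainerInfo
        Write-Output "OK     $subject"
        Write-Output "       provider : $($info.ProviderName) (type $($info.ProviderType))"
        Write-Output "       container: $($info.KeyContainerName)"
        Write-Output "       keyspec  : $($info.KeyNumber)   hardware: $($info.HardwareDevice)"
    } catch {
        # Typical causes: provider name or type do not match the subkey under
        # HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider, the CSP image
        # failed to load, or the CSP rejected the (NULL) container name.
        Write-Output "FAIL   $subject : $($_.Exception.Message)"
    }
}
$store.Close()
```

If a certificate shows FAIL while the CSP's DllMain log stays empty, the lookup never reached the DLL, which points at the provider name/type in CERT_KEY_PROV_INFO or the registry entry rather than at the CSP code itself.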
