decryption problem with SC (0x800900d error)

From: "Moty" <miauris@xxxxxxxxx>
Date: 10 Nov 2006 00:09:56 -0800

I'm trying to write an application which will decode an enveloped
message using a private key from a smartcard.

The smartcard has 2 pairs of keys ( one AT_SIGNATURE and one
AT_KEYEXCHANGE). With the "signing" pair I can sign/verify &
encrypt/decrypt with no problems.

With the "encryption" pair I can sign/verify & encrypt at will, but
when it comes to decryption I get the 0x800900d error in a call to
CryptMsgControl(CMSG_CTRL_DECRYPT) even though a call to
CryptAcquireCertificatePrivateKey was made before that and ended in
success.

I was able to decrypt the same enveloped message with a commercial
app.!

This is my code:

CryptMsgGetParam(
hMsg,
CMSG_RECIPIENT_INFO_PARAM,
index,
NULL,
&cbInfo))

pCertInfo = (CERT_INFO*) malloc(cbInfo);

if(!CryptMsgGetParam(
hMsg,
CMSG_RECIPIENT_INFO_PARAM,
index,
pCertInfo,
&cbInfo))
{
return FALSE;
}

if(!(pCertContext = CertGetSubjectCertificateFromStore(
hStoreHandle,
MY_ENCODING_TYPE,
pCertInfo)))
{
return FALSE;
}

//--------------------------------------------------------------------
// Get the certificate private key info

DWORD dwKeySpec;
BOOL xx;

if(!CryptAcquireCertificatePrivateKey(
pCertContext,
0,
NULL,
&hCryptProv,
&dwKeySpec,
&xx))
{
return FALSE;
}

//--------------------------------------------------------------------
// Begin decryption

memset(&dPara,0,sizeof(CMSG_CTRL_DECRYPT_PARA));
dPara.cbSize = sizeof(CMSG_CTRL_DECRYPT_PARA);
dPara.dwKeySpec = dwKeySpec;
dPara.hCryptProv = hCryptProv;
dPara.dwRecipientIndex = index;

if(!CryptMsgControl(
hMsg,
0,
CMSG_CTRL_DECRYPT,
&dPara))
{
DWORD xdw = GetLastError();
return FALSE;
}

The code works, because I've tested it with other certs and even with
the "signing" pair!

I ran out of ideas! Any suggestion is welcomed! Thanks!

.

Follow-Ups:
- Re: decryption problem with SC (0x800900d error)
  - From: Moty

Prev by Date: Re: Access check for inherited permission
Next by Date: Re: SslStream weakness
Previous by thread: Re: Access check for inherited permission
Next by thread: Re: decryption problem with SC (0x800900d error)
Index(es):
- Date
- Thread

Relevant Pages

CryptMsgControl decryption problem ("key does not exist") help!!!
... message using a private key from a smartcard. ... The smartcard has 2 pairs of keys (one AT_SIGNATURE and one ... DWORD dwKeySpec; ...
(microsoft.public.platformsdk.security)
Re: How are key rings on SmartCard and key rings on CSP Container rela
... but since there is only one private/public key set on the Smartcard, ... > information about what CSP to be used and which ... > container contains the corresponding private key. ... >> Keysets created with the SmartCard keysets? ...
(microsoft.public.platformsdk.security)
Re: USB Tokens
... It's not the certificate that gives you security. ... Smartcards, store the private ... the smartcard can perform private key operations ...
(Focus-Microsoft)
RE: Password prompts when signing with smartcard
... The prompt to input the smartcard pin is shown by the Smartcard CSP ... while the application code is attempting to access the RSA private key ...
(microsoft.public.dotnet.framework.clr)
=?ISO-8859-15?Q?private_Key_auf_Smartcard_schreiben_=28?= =?ISO-8859-15?Q?und_nat=FC
... Da ich über einen SmartCard ... Form der Karte überall verfügbar zu haben und nicht auf der Platte ... die möglichst kostenlos verfügbar sein sollte, ich den private Key auf ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
(de.comp.security.misc)