Crypto API on Windows CE
Hi,

I am working on the Crypto API on Windows CE 5.0 platform.
I have a data file and a seperate .sig file containing its digital signature
and two certificates that chain to the root certificate. This .sig file is of
the pkc7 format.

As a first step, I am trying to validate that the data file is signed by that
digital signature. Ultimately, I have to validate that the digital signature
chains to the root certificate, which I have in a third file.

I am trying to use CryptVerifySignature for validating the digital signature.

Here is what I have done so far:

1) CryptAcquireContext
2) CryptCreateHash
3) Read in the data file and add data to the hash object using CryptHashData.
4) From the .sig file, extract the digital signature and the first
certificate that contains the public key.

It is done in the following way:

HCRYPTMSG hMsg;
BYTE *pbSignature;      // contents of the .sig file (read in elsewhere)
DWORD cbEncodedBlob;    // size of that buffer
BYTE *pDigitalSig;      // receives the encrypted digest (the signature value)
DWORD dwDigSigSize;
BYTE *pFirstCert;       // receives the first certificate in the message
DWORD dwFirstCertSize;

hMsg = CryptMsgOpenToDecode(
    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, // Encoding type
    0,                                       // Flags
    0,                                       // Message type (0 = take it from the data)
    0,                                       // Provider handle (none)
    NULL,                                    // Recipient information
    NULL);                                   // Stream information

// Read in the .sig file and pass a pointer to the buffer below.
CryptMsgUpdate(
    hMsg,          // Handle to the message
    pbSignature,   // Pointer to the encoded BLOB
    cbEncodedBlob, // Size of the encoded BLOB
    TRUE);         // Final call: the whole message is in this buffer

// Extract the digital signature from the encoded blob.
// First call asks for the size, second call fills the buffer.
CryptMsgGetParam(hMsg, CMSG_ENCRYPTED_DIGEST, 0, NULL, &dwDigSigSize);
pDigitalSig = (BYTE *) malloc(dwDigSigSize);
CryptMsgGetParam(
    hMsg,                  // Handle to the message
    CMSG_ENCRYPTED_DIGEST, // Parameter type
    0,                     // Index (first signer)
    pDigitalSig,           // Address for returned information
    &dwDigSigSize);

// Extract the first certificate from the encoded blob, same two-call pattern.
CryptMsgGetParam(hMsg, CMSG_CERT_PARAM, 0, NULL, &dwFirstCertSize);
pFirstCert = (BYTE *) malloc(dwFirstCertSize);
CryptMsgGetParam(
    hMsg,            // Handle to the message
    CMSG_CERT_PARAM, // Parameter type
    0,               // Index (first certificate)
    pFirstCert,      // Address for returned information
    &dwFirstCertSize);

// Treat the returned buffer as a CERT_INFO structure.
CERT_INFO * pFirstCertStruct = (CERT_INFO *) pFirstCert;

5) Now, I have a pointer to the certificate. I have to create a handle to
the public key using CryptImportKey.

When I try to get the public key of this certificate from pFirstCertStruct, it
seems to be uninitialized.
Do I have to create a certificate context using the certificate and then
extract the public key from it to be passed to CryptImportKey?

To create the certificate context, I have to pass it the encoding type. In my
case, the encoding is PKCS_7_ASN_ENCODING.
However, the documentation for the certificate APIs on Windows CE 5.0
suggests that currently, only X509_ASN_ENCODING is used. A call to
CertCreateCertificateContext with PKCS_7_ASN_ENCODING returned NULL.

Is there any other way this can be achieved in Windows CE 5.0?

I am also looking at using the "CryptMsgControl" API as an alternative for
validating the signature.
Do I need to create the certificate context before passing in the CERT_INFO
pointer to the CryptMsgControl API as well?



-Thanks,
--
sjain06
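The post above pulls two things out of the .sig file, CMSG_ENCRYPTED_DIGEST and CMSG_CERT_PARAM, and then casts the second one to a CERT_INFO. The following is an added example, not code from the original post and not part of the Windows CE CryptoAPI: it walks the DER of a PKCS #7 SignedData blob (the .sig format) with a minimal reader so that you can see what those two parameters actually correspond to. It is in Python rather than C only because it has to run without wincrypt.h. The sample blob, the two dummy "certificates" in it, and all helper names (parse_signed_data, build_sample_sig, SAMPLE_SIG and friends) are constructed here for illustration; the dummies are bare SEQUENCEs standing in for real X.509 certificates.

```python
"""Minimal DER walker for a PKCS #7 SignedData blob (the .sig file format).

Added example, not code from the original post. It mirrors what the two
CryptMsgGetParam calls hand back: CMSG_ENCRYPTED_DIGEST is SignerInfo.encryptedDigest
and CMSG_CERT_PARAM is the DER-encoded Certificate (an X.509 encoding, not a
CERT_INFO struct). The sample blob and its "certificates" are constructed dummies.
"""
from typing import Dict, List, Tuple

SIGNED_DATA_OID = "1.2.840.113549.1.7.2"
DATA_OID = "1.2.840.113549.1.7.1"
SHA1_OID = "1.3.14.3.2.26"
RSA_OID = "1.2.840.113549.1.1.1"


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, bytes, int]:
    """Return (tag, value, raw element, next position). Definite-length DER only."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos + hdr:end], buf[pos:end], end


def _children(value: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Split a constructed value into its (tag, value, raw) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = _read_tlv(value, pos)
        out.append((tag, val, raw))
    return out


def _decode_oid(value: bytes) -> str:
    arcs, n = [value[0] // 40, value[0] % 40], 0  # correct for first arc 0 or 1
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def parse_signed_data(sig: bytes) -> Dict[str, object]:
    """Pull out what the CryptoAPI would return for a detached-signature .sig file."""
    tag, content_info, _, _ = _read_tlv(sig, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    oid_el, wrapped_el = _children(content_info)[:2]
    if oid_el[0] != 0x06 or _decode_oid(oid_el[1]) != SIGNED_DATA_OID:
        raise ValueError("contentType is not pkcs7-signedData")
    fields = _children(_read_tlv(wrapped_el[1], 0)[1])  # [0] EXPLICIT SignedData
    # SignedData: version, digestAlgorithms, contentInfo, [0] certs, [1] crls, signerInfos
    encap = _children(fields[2][1])
    detached = len(encap) == 1          # no [0] eContent: the data lives in the separate file
    idx, certificates = 3, []
    if idx < len(fields) and fields[idx][0] == 0xA0:
        # Each child is a complete DER Certificate: this is what CMSG_CERT_PARAM returns.
        certificates = [raw for t, _v, raw in _children(fields[idx][1]) if t == 0x30]
        idx += 1
    if idx < len(fields) and fields[idx][0] == 0xA1:
        idx += 1                        # CRLs, not needed here
    if idx >= len(fields) or fields[idx][0] != 0x31:
        raise ValueError("signerInfos must be a SET")
    signers = _children(fields[idx][1])
    if not signers:
        raise ValueError("no SignerInfo present")
    # SignerInfo: version, issuerAndSerial, digestAlg, [0] authAttrs, sigAlg, encryptedDigest
    si = _children(signers[0][1])
    has_auth_attrs = si[3][0] == 0xA0
    enc = si[5] if has_auth_attrs else si[4]
    if enc[0] != 0x04:
        raise ValueError("encryptedDigest must be an OCTET STRING")
    return {
        "version": int.from_bytes(fields[0][1], "big"),
        "detached": detached,
        "certificates": certificates,
        "digest_algorithm": _decode_oid(_children(si[2][1])[0][1]),
        "has_authenticated_attributes": has_auth_attrs,
        "encrypted_digest": enc[1],     # what CMSG_ENCRYPTED_DIGEST returns
    }


def _tlv(tag: int, body: bytes) -> bytes:
    """DER encode one element (short or long definite length)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))


def build_sample_sig(encrypted_digest: bytes, certs: List[bytes], detached: bool = True) -> bytes:
    """Constructed sample: one-signer SignedData with dummy certificates, no auth attrs."""
    alg_sha1 = _tlv(0x30, _oid(SHA1_OID) + b"\x05\x00")
    alg_rsa = _tlv(0x30, _oid(RSA_OID) + b"\x05\x00")
    content = _oid(DATA_OID)
    if not detached:
        content += _tlv(0xA0, _tlv(0x04, b"inline payload"))
    issuer_and_serial = _tlv(0x30, _tlv(0x30, b"") + _tlv(0x02, b"\x01"))
    signer_info = _tlv(0x30, _tlv(0x02, b"\x01") + issuer_and_serial + alg_sha1
                       + alg_rsa + _tlv(0x04, encrypted_digest))
    signed_data = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x31, alg_sha1) + _tlv(0x30, content)
                       + _tlv(0xA0, b"".join(certs)) + _tlv(0x31, signer_info))
    return _tlv(0x30, _oid(SIGNED_DATA_OID) + _tlv(0xA0, signed_data))


# Two constructed dummy "certificates": bare SEQUENCEs standing in for real DER X.509 certs.
DUMMY_LEAF = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x0C, b"leaf"))
DUMMY_INTERMEDIATE = _tlv(0x30, _tlv(0x02, b"\x02") + _tlv(0x0C, b"intermediate"))
SAMPLE_SIG = build_sample_sig(bytes(range(16)), [DUMMY_LEAF, DUMMY_INTERMEDIATE])

if __name__ == "__main__":
    info = parse_signed_data(SAMPLE_SIG)
    print("detached:", info["detached"], "signer digest alg:", info["digest_algorithm"])
    print("first cert is a DER SEQUENCE:", info["certificates"][0][0] == 0x30)
```

Two things the walk makes visible. First, the certificate slot holds a complete DER Certificate, which is why it has to go through CertCreateCertificateContext with X509_ASN_ENCODING (the certificate's own encoding) before a CERT_INFO or a public key can be read from it; PKCS_7_ASN_ENCODING describes the outer message, not the certificate inside it. Second, if the SignerInfo carries authenticated attributes, encryptedDigest is a signature over the DER of those attributes rather than over the content digest directly, so hashing the data file with CryptHashData and checking it with CryptVerifySignature only works for the no-attributes case; CryptMsgControl with CMSG_CTRL_VERIFY_SIGNATURE handles both, provided the message is opened with CMSG_DETACHED_FLAG and the data file is supplied in a second CryptMsgUpdate. Whether Windows CE 5.0 honors those flags the same way as desktop CryptoAPI is not something this page confirms.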


