Re: How do we get the private key to do digital signature?



On Mar 31, 3:37 pm, "antonyliu2...@xxxxxxxxx"
<antonyliu2...@xxxxxxxxx> wrote:
> I've written a certification authority (CA). When my web users apply
> for an X.509 certificate from this CA, a VBScript generates within
> Internet Explorer a public/private key pair and the Cert Signing
> Request in PKCS#10 format. Such data are sent to the CA for a
> certificate.
>
> When the user tries to log into his online account, I would like to
> let the client side digitally sign something (e.g., the user name or
> email) with the user's private key and send it to my web application.
>
> I assume that the public/private key pair is maintained by Internet
> Explorer or the Windows system. But how do I get the user's private
> key? I think this must be done with VBScript and the CryptoAPI. But
> I have no idea where to start. Can you guys give me a hint?
>
> Thank you so much!
>
> AL

I have done some research about this. It looks like CAPICOM is the
thing I should use.

I have two questions for gurus who have experience with CAPICOM about
the sample code listed at the following URL:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

/***********************************/
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "MY", _
CAPICOM_STORE_OPEN_READ_ONLY)
Signer.Certificate = MyStore.Certificates.Item(1)
/***********************************/

I think in my situation (see my first post in this thread), a cert
owner's private key is stored somewhere in Internet Explorer. So,

Q1: How can the VBScript code access the corresponding keystore? In
particular, what does "MY" mean in the above code? Can we name it
anything we like or is it a standard name of the keystore of the
current user?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

For those who are puzzled by this screen snapshot, it is a dialog box
Internet Explorer pops up when the web server requires client
authentication through digital certificates. The web application user
can then select the appropriate certificate and hit OK to submit it to
the web server.

Thank you very much.
