Re: How do we get the private key to do digital signature?

---

• From: "antonyliu2002@xxxxxxxxx" <antonyliu2002@xxxxxxxxx>
• Date: 9 Apr 2007 12:23:55 -0700

---

On Apr 8, 2:24 pm, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx> wrote:

<antonyliu2...@xxxxxxxxx> wrote in message

news:1176007627.547728.127110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx>
wrote:

<antonyliu2...@xxxxxxxxx> wrote in message

news:1175531495.829203.325530@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> On Apr 2,
2:13 am, Kalle Olavi Niemitalo <k...@xxxxxx> wrote:

"antonyliu2...@xxxxxxxxx" <antonyliu2...@xxxxxxxxx> writes:

= snip

Anyone has a hint about my 2nd question, repeated below?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

From CAPICOM, you can use:
MyStore.Certificates.Find(....)
http://msdn2.microsoft.com/en-us/library/aa376505.aspx
to return another Certificates object which matches the criterion you
specify.
e.g. with the FindType argument set at
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME,
you can enter the SubjectName string or a substring of it and the
Certificate object will turn one item.

- Mitch Gallant
MVP Security
www.jensign.com

Hi, Mitch,

Thank you. I have started to look into the CAPICOM services. The MSDN
CAPICOM reference says:

Function Find( _
ByVal FindType As CAPICOM_CERTIFICATE_FIND_TYPE, _
[ ByVal varCriteria As Variant ], _
[ ByVal bFindValidOnly As Boolean ] _
) As Certificates

And exactly like what you said, we can retrieve a cert by find_type
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, and speicifying the
subject_name, for example, "John Doe".

But, in my situation, my web application requires client side
authentication through X.509 digital certificate. The web browswer
will popup a dialog box like the one below for the user to select his/
her cert and proceed.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Suppose the user selects "Hillary Clinton", how do I know in my
VBScriptwhat has been selected? In other words, how do does the
VBScriptcode communicate with the IE popup dialog box?

I think you'd need to make the https (SSL) connection directly from yourVBSCriptcode using something similar to HTTPWebRequest. I think I did that
some time back .. can't remember. Search for that sort of COM object in vbs.
Should be similar to this .NET approach:
http://groups.google.com/group/microsoft.public.dotnet.security/brows...
where you add client certificates to the request before it is actually made.
- Mitch- Hide quoted text -

- Show quoted text -

OK, thanks for the hint. The .NET approach of yours handles cert
stuffs on the server side. I have done this in Java, like generating
x.509 certs, encrypting/decrypting with key pairs. But I have no clue
how a token (for example a short string) can be signed on the client
side, using either vbscript or javascript.

.

---

• Follow-Ups:
  • Re: How do we get the private key to do digital signature?
    • From: Mitch Gallant

• References:
  • Re: How do we get the private key to do digital signature?
    • From: antonyliu2002@xxxxxxxxx
  • Re: How do we get the private key to do digital signature?
    • From: Kalle Olavi Niemitalo
  • Re: How do we get the private key to do digital signature?
    • From: antonyliu2002@xxxxxxxxx
  • Re: How do we get the private key to do digital signature?
    • From: Mitch Gallant
  • Re: How do we get the private key to do digital signature?
    • From: antonyliu2002@xxxxxxxxx
  • Re: How do we get the private key to do digital signature?
    • From: Mitch Gallant

• Prev by Date: RE: AES 128 CryptEncrypt problem ,help me thanks
• Next by Date: Re: How do we get the private key to do digital signature?
• Previous by thread: Re: How do we get the private key to do digital signature?
• Next by thread: Re: How do we get the private key to do digital signature?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How do we get the private key to do digital signature? ... code seems to be retrieving the first certificate in the keystore. ... How do I retrieve from the keystore the certificate which the user has ... Internet Explorer pops up when the web server requires client ... (microsoft.public.platformsdk.security) Re: How do we get the private key to do digital signature? ... code seems to be retrieving the first certificate in the keystore. ... How do I retrieve from the keystore the certificate which the user has ... There are a number of smaller VBS with CAPICOM samples here: ... (microsoft.public.platformsdk.security) Re: How do we get the private key to do digital signature? ... code seems to be retrieving the first certificate in the keystore. ... How do I retrieve from the keystore the certificate which the user has ... There are a number of smaller VBS with CAPICOM samples here: ... (microsoft.public.platformsdk.security) Re: How do we get the private key to do digital signature? ... code seems to be retrieving the first certificate in the keystore. ... How do I retrieve from the keystore the certificate which the user has ... have a good study of the MSDN CAPICOM documentation. ... (microsoft.public.platformsdk.security) Re: How do we get the private key to do digital signature? ... code seems to be retrieving the first certificate in the keystore. ... How do I retrieve from the keystore the certificate which the user has ... I will try to work on the VBScript code ... (microsoft.public.platformsdk.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2007-04