Importing a PFX using CNG APIS on Vista

From: raraks@xxxxxxxxx
Date: Mon, 25 Feb 2008 15:52:34 -0800 (PST)

I am trying to import an ECDSA PFX onto a smartcard using CNG apis on
Vista.

CryptAcquireCertificatePrivateKey using the appropriate flags yields
an Ncrypt_key_Handle. However NCryptExportKey using the returned key
handle always fails with "The requested operation is not supported."

Call in question looks like
ss =
NcryptExportKey(ncrypt_key_handle_returned_from_CryptAcquireCertificatePriv
ateKey,
NULL,
BCRYPT_ECC_PRIVATE_BLOB,
NULL,
....) always returns 0x80090029

What I want to be able to do is - export the private key blob, export
the certificate, then use the Scard CNG provider to import the private
key and the certificate onto the smartcard ...

Is this the correct way to do things ?

Any pointers would be appreciated ...

.

Prev by Date: Re: User access rights within process on Vista
Next by Date: RE: HowTo Purge Windows (Server 2003) logon session
Previous by thread: Re: User access rights within process on Vista
Next by thread: Problem in using cryptoki.
Index(es):
- Date
- Thread

Relevant Pages

RE: Relative Security Provided by Cached Domain Credentials?
... So when a user logs on the w2k terminal using a smartcard + pin no (rather ... If it does then EFS ... profile currently logged on for the private certificate. ...
(Focus-Microsoft)
Re: SmartCards
... Smartcards can contain many authentication id's. ... client certificates can be stored on the smartcard. ... The user must provide the PKI ... certificate. ...
(Security-Basics)
Re: Setting up AD (W2K3) for SmartCard Authentication
... The SmartCards can log into on AD Forest, ... Looked that the article on 3rd party CA's, ... Does the certificate contain the user's UPN in the subject alternative name ... Does the DomainController's certificate contain the SmartCard Logon ...
(microsoft.public.security)
Re: Key archival and smartcard CSP
... the first question is that does your smartcard ... CSP allow the public/private key pair to be imported into its own store? ... > - When the certificate has been issued, i get the container name and the ...
(microsoft.public.platformsdk.security)
Re: Removing smartcard certificates from the Microsoft Certificate Store (possible MCS API defect)
... You friend comes over, plugs in his smartcard, his certificate is automatically transferred over to the Microsoft Certificate Store, he takes out his smartcard and the system is set to go. ... When a client arrives to the office the client's smartcard is inserted into the lawyer's PC and the client's certificate is transferred over to the Microsoft Certificate Store. ... The lawyer and client do their thing, client takes out his smartcard and leaves. ...
(microsoft.public.platformsdk.security)