Re: exporting a public key using the cryptoapi



Hello

But what I really want to do is just serialize the existing certificate
with its public key.

Lelteo and I were trying to provide solutions for retrieving the public
key blob from a certificate, but it appears that your real purpose is to
serialize a certificate context to a .cer file; in other words, to
programmatically do what the certificate export wizard does.

A .cer file is an entire certificate, not just a public key. You can
consider these steps to go from a certificate context to a .cer file.

1. Find the certificate context to be exported. (CertOpenStore,
CertFindCertificateInStore)

2. Open a memory store. (CertOpenStore(CERT_STORE_PROV_MEMORY))

3. Add the certificate context from step 1 to the memory store from step 2.
(CertAddCertificateContextToStore)

4. Save the memory store to a .cer file. (CertSaveStore)

5. Clean up.

Below is a code example for your reference. It looks for the "My Company"
certificate in the "MY" store and exports it (including the public key) to
D:\test.cer in the DER encoded binary X.509 format.


// Console project (Unicode or MBCS); links against crypt32.lib.
#include <windows.h>
#include <wincrypt.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>

#pragma comment(lib, "crypt32.lib")

#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)


int _tmain(int argc, _TCHAR* argv[])
{
    HCERTSTORE     hMemStore       = NULL;
    HCERTSTORE     hSysStore       = NULL;
    PCCERT_CONTEXT pDesiredCert    = NULL;
    HANDLE         hFile           = INVALID_HANDLE_VALUE;
    LPCWSTR        lpszCertSubject = L"ABC Company";
    LPCSTR         pszFileName     = "D:\\test.cer";
    int            rc              = 1;   // process exit code, 0 on success

    UNREFERENCED_PARAMETER(argc);
    UNREFERENCED_PARAMETER(argv);

    //-------------------------------------------------------------------
    // Open a memory store. It will hold the copy of the certificate that
    // is serialized to disk.
    hMemStore = CertOpenStore(
        CERT_STORE_PROV_MEMORY, // A memory store
        0,                      // Encoding type not used
        NULL,                   // Use the default HCRYPTPROV
        0,                      // No flags
        NULL);
    if (hMemStore == NULL)
    {
        printf("An error occurred during creation of the memory store! "
               "(0x%08lx)\n", GetLastError());
        goto cleanup;
    }
    printf("The memory store was created successfully.\n");

    //-------------------------------------------------------------------
    // Open a system store, in this case, the current user's MY store.
    hSysStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,         // The store provider type
        0,                              // The encoding type is not needed
        NULL,                           // Use the default HCRYPTPROV
        CERT_SYSTEM_STORE_CURRENT_USER, // Store location: HKEY_CURRENT_USER
        L"MY");                         // The store name as a Unicode string
    if (hSysStore == NULL)
    {
        printf("An error occurred during opening of the system store! "
               "(0x%08lx)\n", GetLastError());
        goto cleanup;
    }
    printf("The system store was opened successfully.\n");

    //-------------------------------------------------------------------
    // Get a certificate that has lpszCertSubject in its subject.
    // CERT_FIND_SUBJECT_STR is a case-insensitive substring match on the
    // subject name and returns the first certificate that matches, so
    // "ABC Company" also matches a subject such as "ABC Company Test CA".
    pDesiredCert = CertFindCertificateInStore(
        hSysStore,
        MY_ENCODING_TYPE,       // Use X509_ASN_ENCODING.
        0,                      // No dwFlags needed.
        CERT_FIND_SUBJECT_STR,  // Find a certificate whose subject contains
                                // the string in the next parameter.
        lpszCertSubject,        // The Unicode string to be found in a
                                // certificate's subject.
        NULL);                  // Start from the beginning of the store.
    if (pDesiredCert == NULL)
    {
        printf("Could not find the desired certificate.\n");
        goto cleanup;
    }
    printf("The desired certificate was found.\n");

    //-------------------------------------------------------------------
    // Add a copy of the certificate context to the memory store.
    if (!CertAddCertificateContextToStore(
            hMemStore,
            pDesiredCert,
            CERT_STORE_ADD_NEW,
            NULL))
    {
        printf("Could not add the certificate context to the memory store. "
               "(0x%08lx)\n", GetLastError());
        goto cleanup;
    }
    printf("The certificate context was added to the memory store.\n");

    //-------------------------------------------------------------------
    // Create the .cer file. CreateFileA is called explicitly because the
    // file name is a narrow string (plain CreateFile maps to CreateFileW in
    // a Unicode build). CreateFile reports failure with
    // INVALID_HANDLE_VALUE, not NULL.
    hFile = CreateFileA(
        pszFileName,            // The file name
        GENERIC_WRITE,          // Access mode: write to this file
        0,                      // Share mode: exclusive while writing
        NULL,                   // Default security descriptor
        CREATE_ALWAYS,          // Overwrite any existing file
        FILE_ATTRIBUTE_NORMAL,  // File attributes
        NULL);                  // Template
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("An error occurred during creation of the file! "
               "(0x%08lx)\n", GetLastError());
        goto cleanup;
    }
    printf("The file was created successfully.\n");

    //-------------------------------------------------------------------
    // Save the memory store and its certificates to the output file.
    // Format note: CERT_STORE_SAVE_AS_PKCS7 writes the store as a PKCS #7
    // SignedData blob without a signature (the export wizard's ".P7B"
    // option). Windows opens it under a .cer name, but it is not the bare
    // "DER encoded binary X.509" form; for that, write
    // pDesiredCert->cbCertEncoded bytes from pDesiredCert->pbCertEncoded
    // with WriteFile instead of calling CertSaveStore.
    if (!CertSaveStore(
            hMemStore,                // Store handle
            MY_ENCODING_TYPE,
            CERT_STORE_SAVE_AS_PKCS7,
            CERT_STORE_SAVE_TO_FILE,
            hFile,                    // The handle of an open disk file
            0))                       // dwFlags: No flags are needed here.
    {
        printf("Could not save the memory store to disk. (0x%08lx)\n",
               GetLastError());
        goto cleanup;
    }
    printf("Saved the memory store to disk.\n");
    rc = 0;

cleanup:
    //-------------------------------------------------------------------
    // Clean up. The certificate context is freed before the store it came
    // from is closed: with CERT_CLOSE_STORE_CHECK_FLAG, CertCloseStore
    // reports an error if contexts from the store are still outstanding.
    if (hFile != INVALID_HANDLE_VALUE)
    {
        if (CloseHandle(hFile))
            printf("The file was closed successfully.\n");
        else
            printf("An error occurred during closing of the file.\n");
    }

    if (pDesiredCert != NULL)
    {
        if (CertFreeCertificateContext(pDesiredCert))
            printf("The certificate context was closed successfully.\n");
        else
            printf("An error occurred during closing of the "
                   "certificate context.\n");
    }

    if (hSysStore != NULL)
    {
        if (CertCloseStore(hSysStore, CERT_CLOSE_STORE_CHECK_FLAG))
            printf("The system store was closed successfully.\n");
        else
            printf("An error occurred during closing of the "
                   "system store.\n");
    }

    if (hMemStore != NULL)
    {
        if (CertCloseStore(hMemStore, CERT_CLOSE_STORE_CHECK_FLAG))
            printf("The memory store was closed successfully.\n");
        else
            printf("An error occurred during closing of the "
                   "memory store.\n");
    }
    return rc;
}

Regards,
Jialiang Ge (jialge@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

=================================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================
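An added check, not part of Jialiang's reply: CertSaveStore with CERT_STORE_SAVE_AS_PKCS7 writes the memory store as a PKCS #7 SignedData ContentInfo (the export wizard's .P7B format), whereas the wizard's "DER encoded binary X.509 (.CER)" option writes the bare certificate, which is exactly the bytes in pCertContext->pbCertEncoded. Windows opens either under a .cer name, so the difference is easy to miss until another parser rejects the file. The portable C below (example code, not from the post and not CryptoAPI) tells the two apart from the leading DER headers and, for a bare certificate, locates the SubjectPublicKeyInfo, the public key that the thread's original question was after. The certificate and PKCS #7 bytes it parses are constructed for the example and are not real.

```c
/* Added example, not from the original post: a bounds-checked DER reader that
 * (a) tells a bare DER X.509 Certificate apart from the PKCS #7 ContentInfo
 * that CertSaveStore(CERT_STORE_SAVE_AS_PKCS7) writes and (b) finds the
 * SubjectPublicKeyInfo inside a certificate. Samples below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t tag; size_t hdr; size_t len; } der_tlv;

/* Read one TLV header from buf[0..n): short or definite long-form length
 * (<= 4 bytes); indefinite or out-of-bounds lengths are rejected. */
static int der_read(const uint8_t *buf, size_t n, der_tlv *out)
{
    size_t pos = 2, len = 0, nb, i;
    if (n < 2) return 0;
    if (buf[1] < 0x80) {
        len = buf[1];
    } else {
        nb = buf[1] & 0x7F;
        if (nb == 0 || nb > 4 || n - 2 < nb) return 0;
        for (i = 0; i < nb; i++) len = (len << 8) | buf[2 + i];
        pos += nb;
    }
    if (len > n - pos) return 0;
    out->tag = buf[0]; out->hdr = pos; out->len = len;
    return 1;
}

enum { DER_UNKNOWN = 0, DER_X509_CERT = 1, DER_PKCS7_SIGNED = 2 };

/* id-signedData 1.2.840.113549.1.7.2: the contentType of a PKCS #7 store */
static const uint8_t OID_SIGNED_DATA[] =
    { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };

/* Classify by the outer SEQUENCE's first child: a SEQUENCE is the
 * tbsCertificate of an X.509 Certificate; an OID is a ContentInfo type. */
int der_classify(const uint8_t *buf, size_t n)
{
    der_tlv outer, first;
    const uint8_t *body;
    if (!der_read(buf, n, &outer) || outer.tag != 0x30) return DER_UNKNOWN;
    body = buf + outer.hdr;
    if (!der_read(body, outer.len, &first)) return DER_UNKNOWN;
    if (first.tag == 0x30) return DER_X509_CERT;
    if (first.tag == 0x06 && first.len == sizeof OID_SIGNED_DATA &&
        memcmp(body + first.hdr, OID_SIGNED_DATA, first.len) == 0)
        return DER_PKCS7_SIGNED;
    return DER_UNKNOWN;
}

/* tbsCertificate = [0] version (optional), serialNumber, signature, issuer,
 * validity, subject, subjectPublicKeyInfo, ...  Returns the offset of the
 * SPKI TLV (header included) or -1; its total size goes to *len if non-NULL. */
long der_find_spki(const uint8_t *buf, size_t n, size_t *len)
{
    der_tlv outer, tbs, t;
    size_t pos, end;
    int fields = 0;                         /* mandatory fields passed */
    if (!der_read(buf, n, &outer) || outer.tag != 0x30) return -1;
    if (!der_read(buf + outer.hdr, outer.len, &tbs) || tbs.tag != 0x30) return -1;
    pos = outer.hdr + tbs.hdr;
    end = pos + tbs.len;
    while (pos < end) {
        if (!der_read(buf + pos, end - pos, &t)) return -1;
        if (t.tag == 0xA0 && fields == 0) {
            /* explicit [0] version: not counted */
        } else if (fields == 5) {
            if (t.tag != 0x30) return -1;   /* SPKI must be a SEQUENCE */
            if (len) *len = t.hdr + t.len;
            return (long)pos;
        } else {
            fields++;
        }
        pos += t.hdr + t.len;
    }
    return -1;
}

/* Constructed Certificate skeleton: empty name/validity fields and a dummy
 * rsaEncryption SubjectPublicKeyInfo at offset 20 (21 bytes). */
const uint8_t SAMPLE_CERT[] = {
    0x30, 0x2C, 0x30, 0x25,                         /* Certificate, tbsCertificate */
    0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, /* [0] v3, serialNumber 1 */
    0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, /* signature, issuer, validity, subject */
    0x30, 0x13, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
    0x01, 0x01, 0x01,                               /* SPKI: rsaEncryption */
    0x03, 0x04, 0x00, 0x01, 0x02, 0x03,             /* SPKI: dummy subjectPublicKey */
    0x30, 0x00, 0x03, 0x01, 0x00                    /* signatureAlgorithm, signatureValue */
};

/* Constructed PKCS #7 prefix: a ContentInfo carrying only the signedData
 * contentType (the content itself is omitted). */
const uint8_t SAMPLE_PKCS7[] =
    { 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };

int main(void)
{
    size_t spki_len = 0;
    long off = der_find_spki(SAMPLE_CERT, sizeof SAMPLE_CERT, &spki_len);
    printf("cert: class=%d spki@%ld len=%zu; pkcs7: class=%d\n",
           der_classify(SAMPLE_CERT, sizeof SAMPLE_CERT), off, spki_len,
           der_classify(SAMPLE_PKCS7, sizeof SAMPLE_PKCS7));
    return 0;
}
```

To check a file produced by the program above, read it whole into a buffer and pass it to der_classify: DER_PKCS7_SIGNED means the .cer holds a PKCS #7 bundle (and der_find_spki returns -1), while DER_X509_CERT means a bare certificate, in which case der_find_spki returns the offset and size of the SubjectPublicKeyInfo, the public key the export is meant to carry. Every length is checked against the buffer before it is used, so a truncated or malformed file is reported as DER_UNKNOWN rather than read past its end.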
