mscapi

I generated X509 certificate with private key using makecert utility makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr currentuser -ss my -sky signature —pe Then I converted RootCATest.pvk to RootCATest.pem with OpenSSL. And I extracted public key: pubRootCATest.pem I have small file called 'msg'. And I sign this file using SHA1. openssl dgst -sha1 -sign c:\RootCATest.pem -out c:\openssl c:\msg Then I want to obtain the same digital signature using MS CryptoAPI. Here is my code (Note: this is the

I have a self signed root certificate that I generated in C# using CERTENROLL.dll's CX509CertificateRequest Certificate functionality. I would like to write a function that generates client certificates signed by my root using the same API. However the only CertEnroll option I can find that does not generate a self signed certificate requires a authenticated CA. There seems to be a flag for setting a SignerCertificate but it always fails to initialize. //Initialize cert var cert = new CX509CertificateRequestCertificate(); //take care of signer cert.Issuer = issuen; CSignerCertificate sc = new

I've written a program which is supposed to save and restore a users certificates using the windows Crypto API. I was under the impression that it was working fine but now a user has complained that the private key that was attached to the certificate is invalid after the cert has been restored. I was saving the certificates using: HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_PHYSICAL_W, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG | CERT_STORE_UPDATE_KEYID_FLAG, (PVOID) storeName.c_str()); And then later: if (!CertSaveStore

I want to sign file with the SunMSCAPI provider. As public key and signatures needs to be imported using MS Crypto API. Generally generating signatures with SHA1withRSA , ends up with big-endian to little-endian (byte order) conversion. //generate keystore with java keytool $Keytool -genkey -alias tsign -keystore c:\test\tsignjks.p12 - keyalg rsa -storetype pkcs12 In Java application: //for signing and getting keystore, assuming windows certificate is installed ..ks = KeyStore.getInstance("Windows-MY","SunMSCAPI"); PrivateKey priv = ks.getKey("tsign",password); Signature rsa = Signature

I'm asking this question because I've spent the best part of a day trawling through msdn docs and other opaque sources for simple straightforward guidelines on how to get started with the Windows C/C++ Crypto API. What I'd like to see is some example code, typical include paths, linking guidelines, etc, anything useful really. I know this is an imprecise question but I reckon imprecise answers are better none at all. I'll get the ball rolling with my own meager findings... Gearoid Murphy Here's a bunch of examples I've found.... Example C Program: Listing the Certificates in a Store Example C