List: ms-cryptoapi
Subject: Re: Exporting X509 Certs
From: "Reid Kuhn (Exchange)" <reidk () EXCHANGE ! MICROSOFT ! COM>
Date: 1999-07-30 15:37:16
One thing you may want to check:
The default for the filename is Unicode if you
don't suffix the CERT_STORE_PROV_FILENAME flag with
_A or _W, so make sure you cast your CString
appropriately...

    ((const void *) ((LPCWSTR) filename))

-reid-
-----Original Message-----
From: Collin Ng [mailto:collin.ng@COMPAQ.COM]
Sent: Thursday, July 29, 1999 9:02 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Exporting X509 Certs
Hi,
I am having the same problem - exporting with CertSaveStore and can't
import it back. I went and read the description of CertOpenStore
and it seems to say that:
CERT_STORE_PROV_FILENAME :
Initializes the store with certificates, CRLs, and CTLs from a file. The
provider opens the file and first attempts to read the file as a serialized
store, then as a PKCS #7 signed message, and, finally, as a single encoded
certificate.
I've opened the file and confirmed that it is a PKCS7 "SIGNED Data" file.
So shouldn't it work for this case?
But I am having a problem getting it to work with this piece of code:

    hFileStore = CertOpenStore(
        CERT_STORE_PROV_FILENAME,
        ENCODING_TYPE,
        NULL,
        CERT_STORE_OPEN_EXISTING_FLAG,
        filename);
    if (hFileStore == NULL){
        DWORD dwErr = GetLastError();
        if (dwErr == ERROR_FILE_NOT_FOUND)
            TRACE("CertOpenStore failed with error code \"ERROR_FILE_NOT_FOUND\"\n");
        else
            TRACE("CertOpenStore failed with error code %lX\n",dwErr);
        return false;
    }

Where "filename" is a CString returned by CFileDialog.
Error code is always "ERROR_FILE_NOT_FOUND".
I know I can get rid of this problem by making the routine copy the file
to a fixed name and location (like L"C:\\cert.dat") but I'm hoping someone
can enlighten me on an elegant method and how this was actually meant to be
used.
Thanks!
On Thu, 8 Apr 1999 11:11:26 -0400, Christopher Welles <cwelles@IRE-MA.COM>
wrote:
>Greg:
>
>These functions won't serve your purpose because they expect a single X.509
>encoded certificate as input. If you want to import a PKCS7 file containing one
>or more certificates, you need to take the certificates out of the PKCS7
>"envelope". To do this:
>
> * read the PKCS7 file into a buffer
> * open the buffer as a certificate store -
> CertOpenStore(CERT_STORE_PROV_PKCS7, ...),
> * enumerate the certificates in the store - CertEnumCertificatesInStore(),
>   and
> * add each cert to the appropriate system store -
> CertAddCertificateContextToStore()
>
>___________________________________________________________________
>Christopher Welles w (978) 739 4593
>IRE Secure Solutions http://www.ire-ma.com
>Hear clips from my new upbeat folk/swing CD: http://www.outrageousFortune.com
>
>
>"Sturniolo, Gregory" wrote:
>
>> Is there an analogous CAPI function for reversing the CertSaveStore method
>> (i.e. to import an entire store)? This method works very well to export
>> certificates, but I'm having trouble programmatically re-importing them once
>> I've finished. Certmgr imports everything fine, but I can't seem to be able
>> to import them using the CAPI. I've tried:
>>
>> if (!CertAddEncodedCertificateToStore(hStore,
>> X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, pbCertificate, cbCertificate,
>> CERT_STORE_ADD_ALWAYS, NULL))
>> {
>> DWORD s = GetLastError();
>> // more error handling
>> }
>>
>> and also:
>>
>> pCertContext =
>> CertCreateCertificateContext(X509_ASN_ENCODING|PKCS_7_ASN_ENCODING,
>> pbCertificate,
>> cbCertificate);
>>
>> if (pCertContext == NULL)
>> {
>> DWORD s = GetLastError();
>> // more error handling
>> }
>>
>> // Add that context to the certificate store
>> if (!CertAddCertificateContextToStore(hStore, pCertContext,
>> CERT_STORE_ADD_REPLACE_EXISTING, NULL) )
>> {
>> DWORD s = GetLastError();
>> // more error handling
>> }
>>
>> Neither of these work. Is there something else I'm missing?
>>
>> Thanks,
>>
>> Greg Sturniolo
>> RWD Technologies, Inc.
>> gsturniolo@rwd.com
>>
>
>----------------------------------------------------------------
>Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
>contains important info including how to unsubscribe. Save time, search
>the archives at http://discuss.microsoft.com/archives/index.html
----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe. Save time, search
the archives at http://discuss.microsoft.com/archives/index.html
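
Added example, not part of the thread and not Microsoft sample code: the portable function shows what a reader expecting UTF-16 gets from an ANSI path passed through a `const void *` parameter, the mismatch the reply at the top asks the poster to check; the Windows-only function names the character set with `CERT_STORE_PROV_FILENAME_A` and then enumerates and copies the certificates as in the quoted steps. `seen_as_utf16`, `import_file_a`, `kNarrowPath` and the sample path are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>              /* link with crypt32.lib */
#endif

/* Constructed sample: ANSI path, zero-padded so the demo cannot over-read. */
static const char kNarrowPath[32] = "C:\\cert.p7b";

/* Read a buffer the way a UTF-16LE consumer does: 16-bit units up to 0x0000. */
size_t seen_as_utf16(const void *pvPara, size_t bytes, uint16_t *out, size_t cap)
{
    const unsigned char *p = (const unsigned char *)pvPara;
    size_t n = 0;
    while (2 * n + 1 < bytes && n < cap) {
        uint16_t u = (uint16_t)(p[2 * n] | (p[2 * n + 1] << 8));
        if (u == 0)
            break;
        out[n++] = u;
    }
    return n;
}

#ifdef _WIN32
/* Open the file with the explicit _A provider, then copy each certificate
   into hDest. Returns the number added, or -1 if the file store won't open. */
int import_file_a(const char *path, HCERTSTORE hDest)
{
    int added = 0;
    PCCERT_CONTEXT ctx = NULL;
    HCERTSTORE hFile = CertOpenStore(CERT_STORE_PROV_FILENAME_A,
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
        CERT_STORE_OPEN_EXISTING_FLAG, path);
    if (hFile == NULL)
        return -1;                 /* GetLastError() holds the cause */
    while ((ctx = CertEnumCertificatesInStore(hFile, ctx)) != NULL)
        if (CertAddCertificateContextToStore(hDest, ctx,
                CERT_STORE_ADD_USE_EXISTING, NULL))
            added++;
    CertCloseStore(hFile, 0);
    return added;
}
#endif

int main(void)
{
    uint16_t units[16];
    size_t i, n = seen_as_utf16(kNarrowPath, sizeof kNarrowPath, units, 16);
    for (i = 0; i < n; i++)
        printf("U+%04X ", (unsigned)units[i]);  /* not the path the caller meant */
    printf("(%u UTF-16 units from an 11-char ANSI path)\n", (unsigned)n);
    return 0;
}
```

An unpadded ANSI string has no guaranteed 16-bit zero terminator, so a UTF-16 reader can also run past the end of the buffer; the compiler cannot catch either problem because the parameter is `const void *`.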