[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: R: Re: How use CrytoAPI with USB Token.
From: "Richard RL. Louapre" <richard.louapre () DOCFLOW ! IT>
Date: 2001-09-18 12:36:49
[Download RAW message or body]
Now the Token works (CryptGetUserKey, and so on ...)
I've tried to use cetificate Token mapped to IE Repository, there's no
problem.
But I cannot access directly to the certificate, What is the way to use
it with Key functions ?
Thanks,
RICHARD.
-----Messaggio originale-----
Da: Patrick Dolan [mailto:Patrick_Dolan@EFUNDS.COM]
Inviato: venerd=EC 3 agosto 2001 11.16
A: CryptoAPI@DISCUSS.MICROSOFT.COM
Oggetto: Re: How use CrytoAPI with USB Token.
Richard,
I suspect you will need to synchronize the token container with the IE
repository in order for the container to be visible to the CryptoAPI. It
sounds as though this is a manual process for Cylink.
NTE_BAD_TYPE indicates that for some reason CryptGetProvParam() does not
accept the PP_ENUMCONTAINERS parameter, although this may change after
synchronization.
You need to use CertOpenStore() or CertOpenSystemStore() (the latter is
easier to use) before calling CertEnumCertificatesInStore() in order to
read certificates from a store. This will only be of any use if IE can
see
the certificate. You can then use the context to identify the
container.
Regards,
Patrick.
Richard LOUAPRE <r.louapre@TIN.IT>@DISCUSS.MICROSOFT.COM> on 02/08/2001
15:51:38
Please respond to Microsoft Cryptographic API
<CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent by: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM
cc:
Subject: Re: How use CrytoAPI with USB Token.
I try with all flags, but it returned always NTE_BAD_TYPE.
It's right that this token use PKCS11, but if Cylink have developper an
CSP
for MS/CAPI.
I think it's possible to access on this Token certificate ? (Right)
When I use IE to wiew certificates, I can't see the Token certificate.
I view it only with Token Application Manager, where I can synchronize
the
Token "Container" with IE Repository.
I don't think that CertEnumCertificatesInStore can help me ?
If I open the store with , CertOpenSystemStore I access of IE Store ?
Is it possible use CetOpenStore to access ?
Thanks a lot for ALL !
Regards,
RICHARD.
-----Message d'origine-----
De : Microsoft Cryptographic API
[mailto:CryptoAPI@DISCUSS.MICROSOFT.COM]De la part de Patrick Dolan
Envoye : jeudi 2 aout 2001 15:55
A : CryptoAPI@DISCUSS.MICROSOFT.COM
Objet : Re: How use CrytoAPI with USB Token.
Richard,
I trust you used CRYPT_FIRST in the dwFlags parameter?
If you get ERROR_NO_MORE_ITEMS then this would indicate that there are
no
containers.
If you get ERROR_MORE_DATA then this would indicate you need to allocate
a
larger buffer to receive the container name. Note, Microsoft default
container names are GUIDs.
I would think the Cylink token comes with a utility that will let you
view
details of the token, for example, keys, certificates etc. Although you
may have a certificate on the token, this will not necessarily mean that
it
is linked to a key container (as this is purely a CAPI requirement).
For
example, PKCS#11 uses slots to identify keys.
Try using IE to view the certificate. This requires that the certificate
in
the token has been mapped to your "MY" certificate store, which may been
done automatically for you by Cylink or Win2000, or by using a Cylink
utility. If you can view the certificate then it should also tell you
whether or not there is an associated key.
If you can view the certificate then an alternative to find the
container
name would be to enumerate the certificates,
CertEnumCertificatesInStore(),
and see if it has a corresponding container using,
CertGetCertificateContextProperty(...,CERT_KEY_PROV_INFO_PROP_ID,...).
Given that the token is demo, it may be restricting some of the
functionality. If the above does not help, you probably need to speak
directly with Cylink.
Regards,
Patrick.
Richard LOUAPRE <r.louapre@TIN.IT>@DISCUSS.MICROSOFT.COM> on 02/08/2001
14:29:40
Please respond to Microsoft Cryptographic API
<CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent by: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM
cc:
Subject: Re: How use CrytoAPI with USB Token.
Patrick, Thanks for your help.
I tried with PP_ENUMCONTAINERS, but no success.
I think this token have a container : there is a certificate stored in
it.
Is there on other way to catch the token container ?
When I try to use the CryptGetUserKey, this function show me a form for
digiting PIN, if I give a wrong PIN, the Error not is the same. Who call
this form (the Token CSP ) ?
Is there an other way to use this Token ?
It's demo kit where I read that compatibility with MS/CAPI.
Regards,
RICHARD.
-----Message d'origine-----
De : Microsoft Cryptographic API
[mailto:CryptoAPI@DISCUSS.MICROSOFT.COM]De la part de Patrick Dolan
Envoye : jeudi 2 aout 2001 13:17
A : CryptoAPI@DISCUSS.MICROSOFT.COM
Objet : Re: How use CrytoAPI with USB Token.
Richard,
The PP_CONTAINER returns the current container, but you opened the
context
using CRYPT_VERIFYCONTEXT which does not open a container. You could
try
using PP_ENUMCONTAINERS.
Not all providers support the PP_SIGNATURE_PIN parameter.
CryptGetUserKey() will not work without a container, you most acquire
context to a specific container before being able to access the keys.
Finally, there may not actually be a container on the token, in which
case
you will need to create it and further generate some public/private keys
for the container.
Regards,
Patrick Dolan.
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic