'Re: How to decide if there is a private key'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: How to decide if there is a private key
From:       "Ryan M. Hurst" <rmh () WINDOWS ! MICROSOFT ! COM>
Date:       2003-06-06 15:07:02
[Download RAW message or body]

Probably overkill but its OK.



From: H. Mur
Sent: Fri 6/6/2003 4:29 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: How to decide if there is a private key


Thanks Ryan,
this works fine. I additionally check if the CRYPT_KEY_PROV_INFO ->
pwszProvName and CRYPT_KEY_PROV_INFO -> pwszContainerName exists. If the
certs has a CRYPT_KEY_PROV_INFO but no pwszProvName or no pwszContainerName
then I assume that there is no private key. Is this okay or is this an
overkill?

Thanks to all for the help,
Johann





"Ryan M. Hurst" <rmh@WINDOWS.MICROSOFT.COM>@DISCUSS.MICROSOFT.COM> on
05.06.2003 19:17:46

Please respond to Microsoft Cryptographic API
      <CryptoAPI@DISCUSS.MICROSOFT.COM>

Sent by:  Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>


To:   CryptoAPI@DISCUSS.MICROSOFT.COM
cc:

Subject:  Re: How to decide if there is a private key


Oh, any you can see if a certificate has a private key associated with
it by checking if there is a KEY_PROV_INFO property on the certificate.

Ryan

-----Original Message-----
From: Microsoft Cryptographic API
[mailto:CryptoAPI@DISCUSS.MICROSOFT.COM] On Behalf Of H. Mur
Sent: Thursday, June 05, 2003 1:19 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: How to decide if there is a private key

Hi,
I have following situations.

#1: A user imports some certificate from a p12-file and therefore it
also
has the corresponding private key.
#2: The same user also imports the very same certificate a second time
but
now from a cer-file. So, no private key this time.
#3: Both certificate are in differents store (AddressBook and My)

(Okay, I know that this sounds very strange, but I really know people
who
did it exactly this way)
When I start the MMC-snapin for certificate management and examine these
two certificate then MMC tells me that it has a private key for the
first
certificate but it has no private key for the second certificate. Great!

My problem:
My application gets as input the subject / serial / issuer of a
certificate. Then it enumerates all stores and searches for this
certificate in every single store. It can happen that at first it finds
the
certificate that was imported via the cer-file and has therefore no
private
key. Because my application depends on the private key I try to check if
the found certificate has a corresponding private key.

But I could not succeed in this:
CryptAcquireCertificatePrivateKey() reports a correspondig private key
even
if I found the "wrong" certificate
CryptFindCertificateProvInfo() and CryptGetUserKey() also report a
private
key for the "wrong" certificate.

What function should I use in order to get the same result as in the
MMC-snapin?

Any help is appreciated!

Thanks,
Johann

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic