Ziacek Martin wrote:
> 
> -----Original Message-----
> From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 12, 1999 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with import PKCS12 to Windows
> 
> Thanks for the answer.
> 
> One way to resolve this is to import a DSA private key and certificate
> into CryptoAPI using CryptoAPI calls directly (e.g. CryptImportKey()
> with a DSA PRIVATEKEYBLOB) and linking the two up and see if
> applications work properly.
> Well, I think it is not very simple. My CSP is able to generate public and
> private keys, but certmgr.exe does not see it, simply because the certificate
> store is located in another part of the registry (and of course, applications
> do not see these keys).
> I think the certificate store is in
> HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
> And for example, MS providers use
> HKEY_CURRENT_USER\Software\Microsoft\Cryptography.
> I think (I will check it) MS Outlook reads from the certificate store both the
> public and private keys of the selected certificate, imports them to the
> provider, then encrypts/decrypts/signs/verifies e-mail and then deletes the
> keys from the CSP store.
> 
> However, I did not find a description of these registry keys (in the Resource
> Kit for Windows NT Server you can find a help file for registry keys). It
> means I do not know the format of these registry values, and I thought this
> will be the latest option - I will try it.
> 

You don't need to know the format of the registry entries: you can use
CryptoAPI to access them. It should be possible to add a certificate to
a system store ("MY" probably) and set its properties to point to a key
on the relevant CSP.

I haven't been able to find any info about the PRIVATEKEYBLOB format for
a DSA/DSS key though there is some documentation in CryptGenKey() and
CryptSetKeyParam() relating to DSS/DSA keys.

I can't find any usable info about creating DSA/DSS keys with Xenroll
either: there's apparently no way to supply the parameters. It may
however be possible to use an existing keyset though and handle things
that way.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
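
Added example (not part of the original message, and not OpenSSL or Microsoft code): the approach described in the reply above, adding a certificate to the "MY" system store and setting its CERT_KEY_PROV_INFO_PROP_ID property so it points at a key container on a CSP, written with Python ctypes over crypt32.dll. The helper names key_prov_info and add_cert_linked_to_key are hypothetical, the container and provider names are supplied by the caller, and the defaults assume a DSS signature key.

```python
import ctypes
import sys
from ctypes import c_char_p, c_int, c_uint32, c_void_p, c_wchar_p

# Constants from wincrypt.h
CERT_KEY_PROV_INFO_PROP_ID, CERT_STORE_ADD_REPLACE_EXISTING = 2, 3
X509_ASN_ENCODING, PKCS_7_ASN_ENCODING = 0x1, 0x10000
PROV_DSS, AT_SIGNATURE = 3, 2

class CRYPT_KEY_PROV_INFO(ctypes.Structure):
    _fields_ = [("pwszContainerName", c_wchar_p), ("pwszProvName", c_wchar_p),
                ("dwProvType", c_uint32), ("dwFlags", c_uint32), ("cProvParam", c_uint32),
                ("rgProvParam", c_void_p), ("dwKeySpec", c_uint32)]

def key_prov_info(container, provider, prov_type=PROV_DSS, key_spec=AT_SIGNATURE):
    """Name the CSP and key container holding the private key (caller-supplied)."""
    return CRYPT_KEY_PROV_INFO(container, provider, prov_type, 0, 0, None, key_spec)

def add_cert_linked_to_key(cert_der, info, store_name="MY"):
    """Add a DER certificate to a current-user system store, linked to a CSP key."""
    if sys.platform != "win32":
        raise OSError("CryptoAPI (crypt32.dll) is only available on Windows")
    c32 = ctypes.WinDLL("crypt32", use_last_error=True)
    protos = {  # restype, argtypes; handles are pointer-sized on 64-bit Windows
        "CertOpenSystemStoreW": (c_void_p, [c_void_p, c_wchar_p]),
        "CertCreateCertificateContext": (c_void_p, [c_uint32, c_char_p, c_uint32]),
        "CertSetCertificateContextProperty": (c_int, [c_void_p, c_uint32, c_uint32, c_void_p]),
        "CertAddCertificateContextToStore": (c_int, [c_void_p, c_void_p, c_uint32, c_void_p]),
        "CertFreeCertificateContext": (c_int, [c_void_p]),
        "CertCloseStore": (c_int, [c_void_p, c_uint32]),
    }
    for name, (restype, argtypes) in protos.items():
        fn = getattr(c32, name)
        fn.restype, fn.argtypes = restype, argtypes
    def check(result):  # NULL or FALSE means failure: raise with GetLastError()
        if not result:
            raise ctypes.WinError(ctypes.get_last_error())
        return result
    store = check(c32.CertOpenSystemStoreW(None, store_name))
    ctx = None
    try:
        ctx = check(c32.CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert_der, len(cert_der)))
        # Properties set on the context are copied into the store with the certificate.
        check(c32.CertSetCertificateContextProperty(ctx, CERT_KEY_PROV_INFO_PROP_ID, 0, ctypes.byref(info)))
        check(c32.CertAddCertificateContextToStore(store, ctx, CERT_STORE_ADD_REPLACE_EXISTING, None))
    finally:
        if ctx:
            c32.CertFreeCertificateContext(ctx)
        c32.CertCloseStore(store, 0)
```

The key itself never passes through this code: only the provider and container names are recorded on the certificate, so the private key stays inside the CSP.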
