I've made some progress with this. Here's what I've managed to do so far
and how...

I've managed to install a DSA certificate and private key using Xenroll
under Win98. I haven't tested the certificate as yet. This is the first
time I've seen a DSA user certificate in Windows.

I then tried to export the DSA certificate as a PKCS#12 file. The result
was it seemed to work until the very last stage when a little alert box
appeared with title "Certificate manager export wizard" and text "The
export failed Not implemented". This suggests to me that at least in my
version of MSIE DSA isn't supported in PKCS#12. You may have more luck
with later versions. I'll see if there's any official MS comment in the
CryptoAPI lists.

Anyway here's how I did things with Xenroll. I used the control as
normal to create a certificate request as a file except I set the
Xenroll property "ProviderType" to 3 which is the DSS provider type.
Things then proceed as normal but the request uses a DSS key. [Side note:
the process seems a little suspicious because it allegedly generates DSS
parameters too but it is *far* too fast].

After installing the signed certificate it now appears in the list but
it can't be exported.

If you need any more info on using Xenroll to do this (it is documented
in MSDN) I'll expand a little on the process.

You can also set the ProviderName property to your CSP name and it
should call it. This might be the easiest way to get a certificate using
your CSP into CryptoAPI.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
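
The Xenroll steps described in the message above, sketched as a Windows Script Host script. This is an added example, not code from the original post or from the OpenSSL project. The ProgID "CEnroll.CEnroll.1", the subject name, the usage OID and the file names are assumptions; only ProviderType = 3 and the optional ProviderName come from the message.

```vbscript
' dsa-enroll.vbs -- added example, not from the original message.
' Run "cscript dsa-enroll.vbs request", have the CA sign the request,
' then run "cscript dsa-enroll.vbs accept".
Option Explicit

Const PROV_DSS = 3        ' DSS provider type, as stated in the message
Const AT_SIGNATURE = 2    ' DSS keys can only sign, so ask for a signature key

Const SUBJECT  = "CN=Test DSA User"      ' placeholder subject name
Const USAGE    = "1.3.6.1.5.5.7.3.2"     ' clientAuth EKU, assumed purpose
Const REQ_FILE = "dsa-req.p10"           ' placeholder output file
Const P7_FILE  = "dsa-cert.p7b"          ' placeholder CA response file

Dim enroll, mode
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "usage: cscript dsa-enroll.vbs request|accept"
    WScript.Quit 2
End If
mode = LCase(WScript.Arguments(0))

' Assumed ProgID for the Xenroll control (xenroll.dll must be registered).
Set enroll = CreateObject("CEnroll.CEnroll.1")
enroll.ProviderType = PROV_DSS
enroll.KeySpec = AT_SIGNATURE
' To target a specific CSP, name it as well (placeholder name):
' enroll.ProviderName = "Example DSS CSP"

On Error Resume Next
Select Case mode
    Case "request"
        ' Generates the key pair in the selected CSP and writes the PKCS#10.
        enroll.createFilePKCS10 SUBJECT, USAGE, REQ_FILE
    Case "accept"
        ' Installs the signed certificate and binds it to the stored key.
        enroll.acceptFilePKCS7 P7_FILE
    Case Else
        WScript.Echo "unknown mode: " & mode
        WScript.Quit 2
End Select

If Err.Number <> 0 Then
    ' Report the HRESULT so CSP or provider-type failures are visible.
    WScript.Echo mode & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
WScript.Echo mode & " completed"
```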