allan juul wrote:
I do not think that this is possible. I have not worked much with MS Crypto API, but browsing in MSDN (e.g http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp) gives me the impression that if a key is marked non-exportable by the OS you'll have to hack Windows' internal Database to get the private key.
beeing new to openssl (as well as ssl) here's a couple of naive questions.
i have a (perl)script in which i need to log on into a digital signature protected website. the script can do it with a pkcs12 certificate, but now i wish to do it with my default certificate which was installed directly into MSIE.
Apparenly when i installed this certificate way back i have done this with the private key marked as *not-exportable*, so when i now try to export [via the MSIE export wizard] a copy of the certificate i only get the "No, do not export the private key" option. which then results in a DER (or base64) encoded option.
my problem is that i cannot log into the website via the script with this kind of certificate i guess because the private key is missing.
1) i guess its pretty obvious, but is it correct that it is _not_ possible to make a pkcs12 copy of the certificate when the private key is not-exportable ?
Where did you get the key from? If IE generated the key itself and you didn't back it up I think it's lost for OpenSSL.
2) since the browser (MSIE) can be used to log in to this website i reckon a script using the same certificate should be able to do the same. but how do i use the certificate in a script, when the certificates private key is protected as non-exportable ?
I guess you might do it somehow using MS Crypto API.
many thanks
./allan
Ted ;)
-- PGP Version: 2.6.3i Public Key Information Download complete Key from ftp://ftp.convey.de/ted/tedkey.asc Key fingerprint = 26 A9 0C 25 60 15 2C B2 D0 F3 A2 31 3D 35 F3 95
smime.p7s
Description: S/MIME Cryptographic Signature
