I have a service running under the account "NT AUTHORITY\Network
Service", using the mscrypto interface to validate a document,
CryptAquireContext() inside the WinCAPICryptoProvider() constructor
fails. If I run the
service as Administrator on my development platform everything is
fine... However in a restricted live environment, this will not be
allowed.
.. to construct I do
Obj = WinCAPICryptoProvider(NULL, NULL, CRYPT_MACHINE_KEYSET)
... inside WinCAPICryptoProvider() .. It fails when trying to create
// Try to create
if (!CryptAcquireContext(&m_provApacheKeyStore, s_xsecKeyStoreName,
provRSAName, m_provRSAType, dwFlags |
CRYPT_NEWKEYSET)) {
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error obtaining generating internal
key store for PROV_RSA_FULL");
I have tried various combinations of CryptSetProvParams() to try and
grant this crypto provider access to create . But it always fails for
me.
I am way out of my depth when it comes to MSCrypto and (cryptography in
general), can someone point me in the right direction as to what I
should try next?
Do I have to do something extra when calling the constructor?
I have searched previous lists an did not see any mention of this -
please excuse me if it has already been discussed.
