EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using a private key from the local machine store

#617
Posted: 07/04/2006 08:19:07
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I'm trying to sign a PDF document using a private key which is stored in the local machine store.
The certificate in the local machine store has a non-exportable private key, and I verified this by using mmc to look at the local machine certificate store (the key icon is shown in the certificate property dialog).

My code is:
    SystemStore.StorageType = TSBStorageType.stSystem;
    SystemStore.AccessType = TSBStorageAccessType.atLocalMachine;
    SystemStore.SystemStores.BeginUpdate();
    try
    {
        SystemStore.SystemStores.Clear();
        SystemStore.SystemStores.Add("MY");
    }
    finally
    {
        SystemStore.SystemStores.EndUpdate();
    }

and later...

    Cert = SystemStore.get_Certificates(0);
    if (Cert.PrivateKeyExists == false)
        throw new Exception("Certificate does not have a private key");
#618
Posted: 07/04/2006 08:27:57
by Ken Ivanov (EldoS Corp.)

Please check that you are referring to the right certificate (using its subject and issuer fields). Most likely, the store contains some other certificate that does not have an associated private key.
#619
Posted: 07/04/2006 08:33:34
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

The store has only one certificate.
I didn't show all the code but I'm in fact getting the certificate by doing a SystemStore.FindByHashSHA1 operation so I'm certain the correct one is received.
#620
Posted: 07/04/2006 08:36:20
by Eugene Mayevski (EldoS Corp.)

1) What operating system do you use?
2) Please try moving the certificate to CurrentUser storage and see if you can use this certificate.


Sincerely yours
Eugene Mayevski
#622
Posted: 07/04/2006 09:14:15
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I use Windows 2000 Professional.
Putting the private key in the current user store and changing the code to remove the atLocalMachine managed to sign the PDF.
However, I need the private key to be stored in the local machine since I'm using it from a service application.
#625
Posted: 07/04/2006 10:37:50
by Eugene Mayevski (EldoS Corp.)

And how exactly did you *add* the certificate to LocalMachine storage?

I'm asking this since I tried adding with SecureBlackbox and with MMC. In both cases the certificate is useable after this.


Sincerely yours
Eugene Mayevski
#658
Posted: 07/09/2006 07:30:08
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I used PFXImportCertStore API function.
I think I managed to find the problem. It had to do with the imported certificate demanding that the user confirm its usage.
Thanks
#659
Posted: 07/09/2006 07:36:03
by Eugene Mayevski (EldoS Corp.)

Quite interesting, I tested high protection level (which requires that the user enters the password) and everything worked. Did you run your code from the service application? In this case, no wonder that the problem existed.


Sincerely yours
Eugene Mayevski
#661
Posted: 07/10/2006 02:35:26
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

Yes. I'm not 100% sure that the problem was related to the protection issued, but when I tried using a different certificate obtained from another CA without any protection there was no problem.
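
The situation discussed in this thread, as an added example that is not part of the original posts or of SecureBlackbox: importing a PFX into the local machine store for a service without user protection on the key, then checking the key's properties. It uses the .NET Framework X509Certificate2 classes instead of calling PFXImportCertStore directly; the class and method names, and the PFX path and password passed on the command line, are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServiceCertImport   // hypothetical helper, not SecureBlackbox code
{
    // Import a PFX into LocalMachine\My so a service account can use the key.
    static X509Certificate2 ImportForService(string pfxPath, string password)
    {
        // MachineKeySet: keep the key in the machine key store, not in the
        // importing user's profile. PersistKeySet: keep the key after import.
        // UserProtected is deliberately NOT set: it asks the CSP to notify or
        // prompt the user on key access, which a service cannot answer.
        X509KeyStorageFlags flags =
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        var cert = new X509Certificate2(pfxPath, password, flags);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);   // requires administrative rights
        try { store.Add(cert); }
        finally { store.Close(); }
        return cert;
    }

    // Report why a certificate's key may be unusable from a service.
    // Run this interactively: touching a protected key can raise a prompt.
    static string Diagnose(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key associated";
        var rsa = cert.PrivateKey as RSACryptoServiceProvider; // CSP RSA keys only
        if (rsa == null) return "not a CryptoAPI RSA key; not inspected";
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        if (info.Protected) return "key is user-protected (needs confirmation)";
        if (!info.MachineKeyStore) return "key lives in a user key store";
        return "ok: machine key, no user protection";
    }

    static void Main(string[] args)
    {
        // args[0] = path to the PFX, args[1] = its password (caller-supplied)
        X509Certificate2 cert = ImportForService(args[0], args[1]);
        Console.WriteLine("{0}: {1}", cert.Thumbprint, Diagnose(cert));
    }
}
```

The service account also needs read access to the machine key file, which can be granted from the certificate's "Manage Private Keys" dialog in MMC on newer Windows versions.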

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.