EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using a private key from the local machine store

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
Posted: 07/04/2006 08:19:07
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I'm trying to sign a PDF document using a private key which is stored in the local machine store.
The certificate in the local machine store has a non exportable private key and I verify this by using mmc to look at the local machine certificate store (the key icon is shown in the certificate property dialog)

My code is:
SystemStore.StorageType = TSBStorageType.stSystem;
SystemStore.AccessType =

and later...

Cert = SystemStore.get_Certificates(0);
if (Cert.PrivateKeyExists == false)
throw new Exception("Certificate does not have a private key");
Posted: 07/04/2006 08:27:57
by Ken Ivanov (Team)

Please check that you are referring the right certificate (using its subject and issuer fields). Most likely, the store contains some other certificate that does not has an associated private key.
Posted: 07/04/2006 08:33:34
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

The store has only one certificate.
I didn't show all the code but I'm in fact getting the certificate by doing a SystemStore.FindByHashSHA1 operation so I'm certain the correct one is received.
Posted: 07/04/2006 08:36:20
by Eugene Mayevski (Team)

1) What operating system do you use?
2) Please try moving the certificate to CurrentUser
storage and see if you can use this certificate.

Sincerely yours
Eugene Mayevski
Posted: 07/04/2006 09:14:15
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I use Windows 2000 professional
Putting the private key in the current user store and changing the code to remove the atLocalMachine managed to sign the PDF.
However, I need the private key to be stored in the local machine since I'm using it from a service application.
Posted: 07/04/2006 10:37:50
by Eugene Mayevski (Team)

And how exactly did you *add* the certificate to LocalMachine storage?

I'm asking this since I tried adding with SecureBlackbox and with MMC. In both cases the certificate is useable after this.

Sincerely yours
Eugene Mayevski
Posted: 07/09/2006 07:30:08
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I used PFXImportCertStore API function.
I think I managed to find the problem. It had to do with the imported certificate demanding that the user will confirm its usage.
Posted: 07/09/2006 07:36:03
by Eugene Mayevski (Team)

Quite interesting, I tested high protection level (which requies that the user enters the password) and everything worked. Did you run your code from the service application? In this case, no wonder that the problem existed.

Sincerely yours
Eugene Mayevski
Posted: 07/10/2006 02:35:26
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

Yes. I'm not 100% sure that the problem was related to the protection issued but when I tried using a different certificate obtain from another CA without any protection their was no problem.
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.



Topic viewed 7030 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!