EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using the system dialog for certificate selection

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
Posted: 06/14/2011 08:20:53
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 165


I'm trying to use the standard system dialogs for manipulating SecureBlackBox 9 objects.

I've been able to use the CryptUIDlgViewCertificate function to display a certificate from SBB but now that I'm going to the certificate selection dialog, I'm getting lost in the details.

Specifically, I need a handle to an existing store for the CryptUIDlgSelectCertificateFromStore function call to succeed. It seemed to me that the logical way to go about that would be to create an instance of TElWinCertStorage, call CreateStore, add my certificate list to it and then use the handle to the CryptUIDlgSelectCertificateFromStore call. Unfortunately, I can't find a way to get that handle back. Looking at the source code, the handle is created as a local variable and isn't stored as a component state and there is no obvious way to obtain it again without re-creating it completely from my code (with straight CAPI calls) or modifying the SBWinStorage source code.

Am I going in the wrong direction here ? Have I missed something ?

Posted: 06/14/2011 08:37:44
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for getting in touch with us.

TElWinCertStorage is an interface to access certificates in all system storages (ROOT, MY, CA etc.) and does not have mechanism to obtain storage handles. CryptUIDlgSelectCertificateFromStore requires a handle to a particular certificate store. The best way is to use WinAPI (CertOpenSystemStore) to obtain needed handle.
Posted: 06/14/2011 08:40:33
by Ken Ivanov (EldoS Corp.)

In fact, you can access the originating store handle with the use of PCCERT_CONTEXT reference exposed by every certificate originating from a system store. Please use TElX509Certificate.CertHandle.hCertStore property to get the handle.
Posted: 06/14/2011 08:45:32
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 165

Thank you both for your answer.

Does that mean that I can indeed proceed by creating a TElWinCertStorage, call CreateStore, add certs and use the result ?

I don't want to use a system store: I need the user to pick a certificate from a specific list (stored in a PFX file) so I can't simply use the standard system store.

Thanks again
Posted: 06/14/2011 09:10:07
by Ken Ivanov (EldoS Corp.)

Well, you will need to have your certificates in some (temporary) system store, as CryptUIDlgSelectCertificateFromStore() expects one on input. Just to make sure I've checked my assumption with the following code snippet and it proved to work (no error handling at all):
  Cert.LoadFromFileAuto('cert.pfx', 'password');
  CS.AccessType := atCurrentUser;
  CS.Add(Cert, 'TempCS', false);
      Handle, nil, nil, 0, 0, nil);
Posted: 06/14/2011 09:12:09
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 165

wow: As always, that was quick and to the point.

Thank you very much, that's all I needed to go forward.
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.



Topic viewed 914 times

Number of guests: 2, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!