Using the system dialog for certificate selection

#16654
Posted: 06/14/2011 08:20:53
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello,

I'm trying to use the standard system dialogs for manipulating SecureBlackBox 9 objects.

I've been able to use the CryptUIDlgViewCertificate function to display a certificate from SBB but now that I'm going to the certificate selection dialog, I'm getting lost in the details.

Specifically, I need a handle to an existing store for the CryptUIDlgSelectCertificateFromStore function call to succeed. It seemed to me that the logical way to go about that would be to create an instance of TElWinCertStorage, call CreateStore, add my certificate list to it and then use the handle to the CryptUIDlgSelectCertificateFromStore call. Unfortunately, I can't find a way to get that handle back. Looking at the source code, the handle is created as a local variable and isn't stored as a component state and there is no obvious way to obtain it again without re-creating it completely from my code (with straight CAPI calls) or modifying the SBWinStorage source code.

Am I going in the wrong direction here? Have I missed something?

Thanks
#16656
Posted: 06/14/2011 08:37:44
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for getting in touch with us.

TElWinCertStorage is an interface to access certificates in all system storages (ROOT, MY, CA etc.) and does not have a mechanism to obtain storage handles. CryptUIDlgSelectCertificateFromStore requires a handle to a particular certificate store. The best way is to use WinAPI (CertOpenSystemStore) to obtain the needed handle.
#16657
Posted: 06/14/2011 08:40:33
by Ken Ivanov (EldoS Corp.)

In fact, you can access the originating store handle with the use of PCCERT_CONTEXT reference exposed by every certificate originating from a system store. Please use TElX509Certificate.CertHandle.hCertStore property to get the handle.
#16658
Posted: 06/14/2011 08:45:32
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Thank you both for your answer.

Does that mean that I can indeed proceed by creating a TElWinCertStorage, call CreateStore, add certs and use the result?

I don't want to use a system store: I need the user to pick a certificate from a specific list (stored in a PFX file) so I can't simply use the standard system store.

Thanks again
#16659
Posted: 06/14/2011 09:10:07
by Ken Ivanov (EldoS Corp.)

Well, you will need to have your certificates in some (temporary) system store, as CryptUIDlgSelectCertificateFromStore() expects one on input. Just to make sure, I've checked my assumption with the following code snippet and it proved to work (no error handling at all):
Code
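  // Load the certificate from the PFX file.
  Cert.LoadFromFileAuto('cert.pfx', 'password');
  // Work with the current user's system stores.
  CS.AccessType := atCurrentUser;
  // Add the certificate to the 'TempCS' system store.
  CS.Add(Cert, 'TempCS', false);
  // Make the storage component read from 'TempCS'.
  CS.SystemStores.BeginUpdate;
  try
    CS.SystemStores.Add('TempCS');
  finally
    CS.SystemStores.EndUpdate;
  end;
  // The certificate's context exposes the handle of the store it came from.
  CryptUIDlgSelectCertificateFromStore(CS.Certificates[0].CertHandle.hCertStore,
      Handle, nil, nil, 0, 0, nil);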
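
The "straight CAPI calls" route mentioned in the first post, as an added example that is not part of the original thread or of EldoS code: it imports the PFX into an in-memory store, shows the same dialog and releases the store, so nothing has to be cleaned out of a system store afterwards. The unit, type and function names are hypothetical, and the Win32 declarations are written out by hand on the assumption that the Delphi version in use does not ship them.

```delphi
unit PfxCertPicker; // added example; unit, type and function names are hypothetical
interface
uses Windows, SysUtils;
// Returns the DER encoding of the certificate the user picked, or nil on cancel.
function PickCertFromPfx(const Pfx: TBytes; const Password: WideString;
  Owner: HWND): TBytes;
implementation
type
  TCryptDataBlob = record cbData: DWORD; pbData: PByte; end;
  PCertContext = ^TCertContext;
  TCertContext = record // mirrors CERT_CONTEXT from wincrypt.h
    dwCertEncodingType: DWORD; pbCertEncoded: PByte; cbCertEncoded: DWORD;
    pCertInfo, hCertStore: Pointer;
  end;
const
  // Windows Vista and later: do not write imported private keys to a key container.
  PKCS12_NO_PERSIST_KEY = $00008000;

function PFXImportCertStore(var pPFX: TCryptDataBlob; szPassword: PWideChar;
  dwFlags: DWORD): Pointer; stdcall; external 'crypt32.dll';
function CertCloseStore(hCertStore: Pointer; dwFlags: DWORD): BOOL; stdcall; external 'crypt32.dll';
function CertFreeCertificateContext(pCertContext: PCertContext): BOOL; stdcall; external 'crypt32.dll';
function CryptUIDlgSelectCertificateFromStore(hCertStore: Pointer;
  hwndParent: HWND; pwszTitle, pwszDisplayString: PWideChar;
  dwDontUseColumn, dwFlags: DWORD; pvReserved: Pointer): PCertContext;
  stdcall; external 'cryptui.dll';

function PickCertFromPfx(const Pfx: TBytes; const Password: WideString;
  Owner: HWND): TBytes;
var Blob: TCryptDataBlob; Store: Pointer; Picked: PCertContext;
begin
  Result := nil;
  if Length(Pfx) = 0 then raise Exception.Create('Empty PFX buffer');
  Blob.cbData := Length(Pfx);
  Blob.pbData := @Pfx[0];
  Store := PFXImportCertStore(Blob, PWideChar(Password), PKCS12_NO_PERSIST_KEY);
  if Store = nil then RaiseLastOSError; // bad password or malformed PFX
  try
    Picked := CryptUIDlgSelectCertificateFromStore(Store, Owner, nil, nil, 0, 0, nil);
    if Picked = nil then Exit; // user cancelled; the outer finally still closes the store
    try
      SetLength(Result, Picked^.cbCertEncoded);
      Move(Picked^.pbCertEncoded^, Result[0], Picked^.cbCertEncoded);
    finally
      CertFreeCertificateContext(Picked);
    end;
  finally
    CertCloseStore(Store, 0); // releases the in-memory store
  end;
end;
end.
```

The returned bytes are the selected certificate only, without its private key.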
#16660
Posted: 06/14/2011 09:12:09
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Wow: as always, that was quick and to the point.

Thank you very much, that's all I needed to go forward.