Well, again short description. I need import pfx file (it is in PKCS12
format)
into certificate store of Windows. When certificate is stored in certificate
store
with corresponding private keys, it is possible to use it (for encryption
and signing)
in MS Outlook. It is enough for test of my project - custom cryptography
service
provider DLL. My provider support DSA algorithm, therefore I need DSA keys.
In my first e-mail I attached generated files (generated by one CA and by
me).
Please, look at them.
MSIE does not import certificates, it just use it from certificate store.
There
is a certificate manager (certmgr.exe), and this program does import of
certificates
(certificates are stored in registry). When I import pfx file (DSA) to
certificate store,
I get error message "Input information is invalid".
Windows support DSA with its CryptoAPI (look at the page
http://msdn.microsoft.com/library/psdk/crypto/cryptoref_4dmb.htm), there is
a list
with brief description of MS providers. I am not sure, if it is error
because of some error of Windows (or certmgr.exe, or something else),
or it is error of openssl. However, I am able to import PKCS12 file with RSA
keys.
I am able import X509v3 certificate with public DSA key without any problem.
Currently I am in very bad situation, because I finished first part of tests
(with my test program), and I can not continue with second part - test with
real applications.
-----Original Message-----
From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 11, 1999 6:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with import PKCS12 to Windows
Ziacek Martin wrote:
>
> Thank for answers,
>
> but no one helped me. Described error is independent of length
> of DSA keys (512 or 1024) and I do not understand, why I can
> not import DSA user certificate (PKCS12 file).
> So, if somebody has any idea, please, let me known.
>
You didn't say what you tried to import it into. If its Netscape then
there is a problem of some sort.
If its MSIE then I don't think you can use DSA certificates with it at
all.
Steve.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
