-----Original Message-----
From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 12, 1999 2:55 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with import PKCS12 to Windows
Thank for answer.
One way to resolve this is to import a DSA private key and certificate
into CryptoAPI using CryptoAPI calls directly (e.g. CryptImportKey()
with a DSA PRIVATEKEYBLOB) and linking the two up and see if
applications work properly.
Well, I think, it is not very simple. My CSP is able to generated public and
private keys, but
certmgr.exe does not see it, simply because certificate store is located in
another part of registry
(and of course, applications do not see these keys).
I think, certificate store is in
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
And for example, MS providers use
HKEY_CURRENT_USER\Software\Microsoft\Cryptography.
I think (I will check it), MS Outlook reads from certificate store both
public and private keys of selected
certificate, import it to provider, then encrypt/decrypt/sign/verify e-mail
and then delete keys from CSP store.
However, I did not find description of these registry keys (in Resource Kit
for Windows NT Server
you can find help file for registry keys). It means, I do not know format of
these registry values,
and I though, this will be latest option - I will try it.
If things seem OK the next step is to export a PKCS#12 file and see if
it will re-import it and use the DSA key. If this works then it suggests
a non standard and broken PKCS#12 DSA format: if I can get such a
PKCS#12 file to analyse I'll add an option to support it.
OK, if I will able to export it, I will send it to you.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
