On Thu, Apr 27, 2006, Matthieu BONETTI wrote: > Hello, > > I agree on the fact that MS can import/export certificates in DER format (and > pk12 as well). > I'm not familiar with MS system and MS programmation but I understood that > Windows really stores > certificates in pieces (In the registry, in files in UserData directory). So > what I need is to > get the certificate (with MS Capicom API) and change it to feet into a X509 > structure. > > That way, it would be possible for me to use the certificate with OpenSSL. >
If you are using C then CryptoAPI is probably the easiest thing to use. If you look at all the Cert*() functions you'll find loads of stuff for locating the certificate you are interested in. These often return a pointer to a CERT_CONTEXT structure. The buffer at pbCertEncoded for cbCertEncoded bytes contains the DER form. >From those you can create an X509 structure using d2i_X509(): don't forget the FAQ comment about using a temp pointer. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
