Certificate Request Problem - Vista certEnroll.dll + USB tokens

  • Question

  • Hi all,

    I have to generate a certificate request using CertEnroll on my Vista. It must be generated on the web page. To do this I use JavaScript. I create an X509EnrollmentWebClassFactory object (the basic one) and other objects with the web-enabled tag. My code works fine when I want to generate the request using, for example, 'Microsoft Strong Cryptographic Provider'. The problem appears when I use my token CSP - 'Charismathics Smart Security Interface CSP' (drivers you can download from www.charismathics.com).
    In this situation the function CreateRequest() starts working and throws an error:
    ---------------------------
    Windows Internet Explorer
    ---------------------------
    Error: CertEnroll::CX509Enrollment:: p_CreateRequest: ASN1 - unexpected end of data. 0x80093102 (ASN: 258)
    ---------------------------
    OK  
    ---------------------------

    The token works OK with Windows XP and Mozilla, and its behavior looks fine on Vista (before the error appears, the private and public keys are stored in the token's memory).

    Does anybody have a similar problem with tokens?
    Could you help me with this one?
    Maybe I have not set all the privateKey attributes or something like this?

    Any suggestions?

    This is my code that shows the problem:

    <html>
    <head>
    <SCRIPT LANGUAGE="JavaScript">
    <!--   
    function genReq() {
        var cspName = "Charismathics Smart Security Interface CSP";
        var cspType = 1;
        var XCN_AT_KEYEXCHANGE = 1;
        var dn = "CN=Name Surname";
        var pkcs10 = "";
        try {
            // Create the web-enabled CertEnroll objects through the class factory
            this.classFactory  = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
            this.objPrivateKey = this.classFactory.CreateObject("X509Enrollment.CX509PrivateKey");
            this.objDN         = this.classFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
            this.objRequest    = this.classFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
            this.objEnroll     = this.classFactory.CreateObject("X509Enrollment.CX509Enrollment");
            this.objExt        = this.classFactory.CreateObject("X509Enrollment.CX509ExtensionKeyUsage");
            this.selectedCsp   = this.classFactory.CreateObject("X509Enrollment.CCspInformation");

            this.selectedCsp.InitializeFromName(cspName);

            // Bind the private key to the selected CSP
            this.objPrivateKey.CspInformations = this.classFactory.CreateObject("X509Enrollment.CCspInformations");
            this.objPrivateKey.CspInformations.Add(this.selectedCsp);
            this.objPrivateKey.ProviderName = this.selectedCsp.Name;
            this.objPrivateKey.ProviderType = this.selectedCsp.Type;
            this.objPrivateKey.KeySpec = XCN_AT_KEYEXCHANGE;
            this.objPrivateKey.Length = 1024;
            this.objPrivateKey.KeyUsage = 0xffffff;
            this.objPrivateKey.ExportPolicy = 1;
            this.objPrivateKey.MachineContext = 0;

            this.objExt.InitializeEncode(0);
            // 1 = ContextUser
            this.objRequest.InitializeFromPrivateKey(1, this.objPrivateKey, "");
            this.objDN.Encode(dn);
            this.objRequest.Subject = this.objDN;
            this.objRequest.X509Extensions.Add(this.objExt);
            this.objEnroll.InitializeFromRequest(this.objRequest);
            // line generating the problem (1 = XCN_CRYPT_STRING_BASE64):
            pkcs10 = this.objEnroll.CreateRequest(1);
        }
        catch (e) {
            alert(e.name + ": " + e.message);
            throw new Error("cannot initialize Enrollment Object");
        }
    }
    //-->
    </SCRIPT>
    </head>
    <body onLoad='genReq()'>
    <H1>generate cert req.</H1>

    </body>
    </html>


    thanks in advance,
    MJ

    Friday, August 8, 2008 11:09 AM