private key not stored in CertStore ?? why?

  • Question

  • I'm creating a self-signed certificate in my program. This certificate is added to a store using CertAddEncodedCertificateToStore. Then I set the private key using CertSetCertificateContextProperty (CERT_NCRYPT_KEY_HANDLE_PROP_ID).

    Now, the strange thing... -> if I use a store in memory (CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_CREATE_NEW_FLAG, NULL)), then export this store to a pfx (PfxExportCertStoreEx...) and then import this pfx into a certificate store using the mmc console, the certificate has a private key associated with it...

    But if I directly use the "MY" store of the local machine (CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY")), the certificate doesn't have a private key... why? What's wrong? Do I have to set an additional flag, or what is it? (I'm running with admin rights.)

    By the way... it's even better... when I export the "MY" store after adding the certificate to it, the exported pfx file does contain the private key. But after closing the store, it's not stored... if I import the pfx I created (using the mmc console), the system does nothing other than add the private key to the certificate... so... it seems that the whole problem is that the key is not stored, not that it's not added... that's why I think it's really only a flag that's missing.

    By the way, this problem also exists if I use the "MY" store of the local user (so, not a rights problem at all).


    Friday, December 19, 2014 3:49 PM

Answers

  • ok, I found a solution... but I don't know why it's working... anyway, I'll figure it out...
    • Marked as answer by Rudolf Meier Friday, December 19, 2014 9:17 PM
    Friday, December 19, 2014 9:17 PM

All replies

  • It would be nice if you could share the solution here to help someone who has a similar question.


    Monday, December 22, 2014 2:04 AM
  • I was wondering if someone is interested in the solution... :-)

    Here it is: You can set the CERT_KEY_PROV_HANDLE_PROP_ID and, until you close the certificate store, everything works the way you expect. But it doesn't store the key. You have to use the CERT_KEY_PROV_INFO_PROP_ID instead. Why? No idea... now, why did I use the other property? Simple: because it seemed that in this case I don't have to name the key. Now I have to generate a temporary name for the key (and make sure that I don't have a collision), then set the KEY_PROV_INFO property using this name and then destroy the named key. ... so, more complicated, but it seems to be the only solution.

    Monday, December 22, 2014 4:30 PM
  • I didn't get a chance to work on this stuff. But here is one sample from MSDN; maybe you will get some idea from here.

    Getting and Setting Certificate Properties

    Thanks

    Rupesh Shukla

    Monday, December 22, 2014 4:47 PM