SCEP protocol with Crypto API


  • Hello everyone,

    I have the problem that I work on a client application which has to request a CA certificate without any user interaction.

    I tried to implement this based on the Crypto API and the IEnroll4 class.

    But I don't have the solution, because in the resulting PKCS7 request (SCEP) the certificate has no signature, and I am also not able to generate a signature and assign it to the certificate.

    To generate a PKCS10 I use the IEnroll class.

    And then, to envelop this request, I use the Crypto API function:

    if(cbEncodedBlob = CryptMsgCalculateEncodedLength(MY_ENCODING_TYPE, 0, CMSG_ENVELOPED,
                                                      &EnvelopedEncodeInfo, szOID_PKCS_7_DATA, dwLen))
    { .. and so on


    and to sign the envelope I use:

    if(cbSignedBlob = CryptMsgCalculateEncodedLength(MY_ENCODING_TYPE,        // message encoding type
                                                     0,                       // flags
                                                     CMSG_SIGNED,             // message type
                                                     &SignedMsgEncodeInfo,    // pointer to structure
                                                     szOID_PKCS_7_ENVELOPED,  // inner content OID
                                                     cbEncodedBlob))          // size of content



    If I have a look at the CertificateContext and the CertInfo, the signature is always 2 bytes long and I can't set another signature algorithm than SHA1.

    Does anyone have an idea which properties I must set using IEnroll4, or must I use some additional Crypto API functions? Here is a code fragment showing how I generate the PKCS10:
        #include <windows.h>
        #include <wincrypt.h>
        #include <xenroll.h>                       // IEnroll4, CLSID_CEnroll2, IID_IEnroll4

        HRESULT          hr;
        IEnroll4*        CertEnroll = NULL;
        CRYPT_DATA_BLOB  MyBlob = { 0, NULL };
        hr = CoInitializeEx( NULL, COINIT_APARTMENTTHREADED );
        hr = CoCreateInstance( CLSID_CEnroll2, NULL, CLSCTX_INPROC_SERVER, IID_IEnroll4, (void **)&CertEnroll );
        hr = CertEnroll->put_ProviderType( PROV_RSA_SCHANNEL );
        hr = CertEnroll->put_ProviderNameWStr( L"Microsoft RSA SChannel Cryptographic Provider" );
        hr = CertEnroll->put_KeySpec( AT_KEYEXCHANGE );
        hr = CertEnroll->put_EnableSMIMECapabilities( FALSE );
        hr = CertEnroll->put_GenKeyFlags( 1024 << 16 );   // key length in the upper 16 bits, as for CryptGenKey
        hr = CertEnroll->put_MyStoreFlags( CERT_SYSTEM_STORE_LOCAL_MACHINE );
        // 1.2.840.113549.1.1.4 is the PKCS#1 OID md5WithRSAEncryption
        hr = CertEnroll->put_HashAlgorithmWStr( L"1.2.840.113549.1.1.4" );
        hr = CertEnroll->createPKCS10WStr( L"CN=HeinBollo", L"", &MyBlob );   // DER PKCS#10 returned in MyBlob
        CertEnroll->Release();
        CoUninitialize();

    Regards and thanks in advance for your answers


    15 March 2007 15:31
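As an added diagnostic, not code from the post above: a small pure-Python DER walker that reads the two fields the question is about, the signatureAlgorithm OID and the length of the signature BIT STRING, from a PKCS#10 CertificationRequest blob such as the one createPKCS10WStr returns. The OID table, the helper names and the constructed sample requests (make_csr builds an otherwise empty request) are my own; the OID decoder assumes a first arc of 0, 1 or 2, which holds for every PKCS#1 OID.

```python
# PKCS#1 signature-algorithm OIDs (RFC 3279 / RFC 4055)
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# DER content bytes of two of those OIDs, used by the constructed samples below
OID_SHA1_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"
OID_MD5_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"

def der(tag, content):
    """Encode one TLV with a definite-length header (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def read_tlv(buf, pos):
    """Return (tag, content, position after this TLV) for the TLV at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Decode OBJECT IDENTIFIER content bytes to dotted form (first arc 0/1/2, second arc < 40)."""
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 digit of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_csr(csr):
    """Return (signature algorithm name or OID, signature length in bytes) of a PKCS#10 blob."""
    _, body, _ = read_tlv(csr, 0)          # CertificationRequest ::= SEQUENCE { info, alg, sig }
    _, _, pos = read_tlv(body, 0)          # certificationRequestInfo: skipped here
    _, alg, pos = read_tlv(body, pos)      # signatureAlgorithm ::= AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)           # first element of the AlgorithmIdentifier is the OID
    _, sig, _ = read_tlv(body, pos)        # signature ::= BIT STRING
    dotted = decode_oid(oid)
    return SIG_ALG_NAMES.get(dotted, dotted), len(sig) - 1   # minus the unused-bits octet

def make_csr(oid_content, signature):
    """Constructed sample request: empty info, AlgorithmIdentifier { OID, NULL }, given signature."""
    alg = der(0x30, der(0x06, oid_content) + der(0x05, b""))
    return der(0x30, der(0x30, b"") + alg + der(0x03, b"\x00" + signature))
```

An RSA signature is as long as the modulus, so a request signed with the 1024-bit key requested via put_GenKeyFlags should report 128 bytes here; a value of one or two bytes means the request left the enrollment object unsigned.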