PKCS #12 files and Crypto API

  • Question

  • What Crypto API function(s) (not .NET) can I use to import a PKCS #12 file into the certificate store?

    What I want to do programmatically is the same as what I can do with the UI using Certificate Import Wizard in the Certificates snap-in to mmc.exe.

    It's clear to me how to open and modify the certificate store. But I can't find the function that bridges between a .p12 file and the certificate store functions.


    cas

    Friday, February 24, 2012 10:04 PM

All replies

  • PFXImportCertStore will open a p12 data blob and return a cert store with certs. You can then add the certs from the returned cert store to the My store if you choose. Keys are persisted as long as you don't use the NO_PERSIST flag.

    Andrew

    • Proposed as answer by Andrew Bernat Saturday, February 25, 2012 5:24 AM
    Saturday, February 25, 2012 5:24 AM
  • How does one convert a file in the filesystem containing a p12 certificate to a p12 data blob?

    cas

    Saturday, February 25, 2012 10:52 PM
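  • #include <windows.h>
    #include <wincrypt.h>   // link with Crypt32.lib
    #include <string>
    #include <vector>

    // Overload of the Win32 PFXImportCertStore that takes the raw bytes of the .p12 file.
    HCERTSTORE PFXImportCertStore( const std::vector< unsigned char> & pfxBytes, const std::wstring & wpass,
                                   DWORD dwFlags )	// = PKCS12_NO_PERSIST_KEY;
    {
        CRYPT_DATA_BLOB pfxDataBlob;
        // pbData is declared as a non-const BYTE*; the API only reads the buffer.
        pfxDataBlob.pbData = const_cast<BYTE *>( pfxBytes.data() );
        pfxDataBlob.cbData = static_cast<DWORD>( pfxBytes.size() );

        // Returns NULL on failure (see GetLastError); close the returned store with CertCloseStore.
        return ::PFXImportCertStore( &pfxDataBlob, wpass.c_str(), dwFlags );
    }
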

    Just copy the whole contents of the binary .p12 into some memory, and then build a CRYPT_DATA_BLOB as above.
    Sunday, February 26, 2012 12:14 PM
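
The two replies above combined into one flow, as an added example that is not code from any poster in this thread: read the .p12 file into memory, import it with persisted keys, and copy the certificates into the current user's My store. The function names `readAll` and `importP12` are hypothetical; the Win32 part is compiled only on Windows.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Read the whole .p12 file into memory; this buffer is the "p12 data blob".
std::vector<unsigned char> readAll(const char* path) {
    std::vector<unsigned char> buf;
    FILE* f = std::fopen(path, "rb");   // binary mode: PKCS #12 is DER, not text
    if (!f) return buf;                 // empty vector signals failure
    unsigned char chunk[4096];
    size_t n;
    while ((n = std::fread(chunk, 1, sizeof chunk, f)) > 0)
        buf.insert(buf.end(), chunk, chunk + n);
    std::fclose(f);
    return buf;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>                   // link with Crypt32.lib

// Import every certificate in the PFX into CurrentUser\My.
// Returns the number of certificates added, or -1 on failure.
int importP12(const std::vector<unsigned char>& pfx, const std::wstring& pass) {
    CRYPT_DATA_BLOB blob;
    blob.pbData = const_cast<BYTE*>(pfx.data());
    blob.cbData = static_cast<DWORD>(pfx.size());
    if (!PFXIsPFXBlob(&blob)) return -1;            // not a PKCS #12 blob
    // CRYPT_USER_KEYSET persists the private key for this user. CRYPT_EXPORTABLE
    // is left out, so the imported key cannot be exported again, and
    // PKCS12_NO_PERSIST_KEY is left out, so the key survives this process.
    HCERTSTORE tmp = PFXImportCertStore(&blob, pass.c_str(), CRYPT_USER_KEYSET);
    if (!tmp) return -1;                            // wrong password or damaged file
    HCERTSTORE my = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
                                  CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
    int added = my ? 0 : -1;
    PCCERT_CONTEXT c = NULL;
    // Each call releases the previous context; CA certificates packed in the
    // PFX are copied to MY as well.
    while (my && (c = CertEnumCertificatesInStore(tmp, c)) != NULL) {
        if (CertAddCertificateContextToStore(my, c, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
            ++added;
    }
    if (my) CertCloseStore(my, 0);
    CertCloseStore(tmp, 0);
    return added;
}
#endif
```
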