How to map a certificate in Windows store ("Personal", ..) with the one CSP when sign a document from Word etc? RRS feed

  • Question

  • Hi all,

    I am using a hardware token to make a digital signature.
    I see that when perform plug it to PC, it register a certificate with Windows system certificate store.
    That certificate contains private key...
    When sign a document from application (Word etc.), a list of certificate is displayed, then select certificate of hardware token, dialog is popup to input password. It seems that dialog is from CSP of hardware token?

    Could anybody know how Windows map a certificate with specified CSP?

    is there any Crypto API for this purpose?
    • Edited by Golden_Man Tuesday, April 2, 2013 3:58 AM
    Tuesday, April 2, 2013 3:54 AM

All replies

  • Certificates have properties attached to them in Windows. There is a special property called KEY_PROV_INFO on a certificate which identifies the CSP/KSP used for the private key. You can see this by doing the following from a command prompt:

    certutil -q -user -store My

    You will see details of every certificate in your user Personal. For each cert, you will see the properties attached to the cert. Look for one called KEY_PROV_INFO. This property will describe the CSP/KSP, as well as key spec, flags.


    Saturday, April 6, 2013 5:12 AM
  • Thank Andrew,

    Exactly, the property CERT_KEY_PROV_INFO_PROP_ID attached to certificate in Windows that identifies CSP.

    My understanding that in case attach that property to one selected certificate while sign a document from Word, it trigger the function call to identified CSP, is it right?

    How to setting that property on a certificate? is it performed by calling to CertSetCertificateContextProperty() function?

    MSDN document is too complex for beginner as me in security field, so it's very helpful if I have received your answer!

    Thank you,

    • Edited by Golden_Man Thursday, April 11, 2013 8:41 AM
    Thursday, April 11, 2013 8:38 AM
  • Yes. You need to use CertSetCertificateContextProperty

    You will need to set the KEY_PROV_INFO property.

    Sunday, April 14, 2013 5:43 AM