date: Wed, 10 Sep 2008 18:04:04 -0700,    group: microsoft.public.platformsdk.security


CryptGetProvParam with PP_ROOT_CERTSTORE and PP_USER_CERTSTORE   
Good Day,

I'm currently in development of a smart-card based CSP (old-school CSP). So 
far everything works fine in 2K and XP, but I came across a problem that 
(although I have implemented it) I'm not sure if I implemented it correctly.

In Vista, the Certificate Propagation process calls CryptGetProvParam with 
PP_USER_CERTSTORE and PP_ROOT_CERTSTORE. In the MSDN page of 
CryptGetProvParam, the dwParam values above (in relation to pbData) are described as:

for PP_ROOT_CERTSTORE:
"The pbData parameter is the address of an HCERTSTORE variable that receives 
the handle of the certificate store."

for PP_USER_CERTSTORE:
"The pbData parameter is the address of an HCERTSTORE variable that receives 
the handle of an in-memory certificate store."

QUESTION:
1) For PP_USER_CERTSTORE, can I just retrieve a handle of the Personal Cert 
Store and give it to pbData? I retrieve the Personal Certstore via 
CertOpenSystemStore(0,"MY"). What does in-memory cert store mean? A 
non-physical cert store?

2) If CertOpenSystemStore(0,"MY") works, how do I give pbData the handle 
returned by CertOpenSystemStore()? memcpy it? Give pbData the "ADDRESS" of 
a static variable HCERTSTORE or give pbData the "VALUE" of the static 
variable HCERTSTORE? (The static variable is the one that initially holds 
the return value of CertOpenSystemStore().)

3) For PP_ROOT_CERTSTORE, can I just return the handle from 
CertOpenSystemStore(0,"ROOT")?

I've been looking everywhere and I still couldn't find sample code of how 
an application will call CryptGetProvParam with dwParam 
PP_USER/ROOT_CERTSTORE.

By the way, when Vista calls my CSP's CryptGetProvParam with the dwParam 
above, I automatically scan the cards inserted, retrieve the certs and keys 
(if any), create a cert context, and based on the cert context I check if it 
is a User Cert, ROOT Cert or Intermediate CA Cert and copy them to the 
appropriate system store.

Thanks in advance...


jomski85
date: Wed, 10 Sep 2008 18:04:04 -0700   author:   jomski85
