Jaa


How to get the CSP name from a certificate containing the private key?

 

I was testing with some code to get the CSP name from a certificate containing the private key. A sample code is shown below:

// GetCSPFromCert.cpp : Defines the entry point for the console application.

//

#include "stdafx.h"

#include <stdio.h>

#include <windows.h>

#include <wincrypt.h>

#pragma comment(lib, "crypt32.lib")

#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

// Replace the following string with the subject of the signer

// certificate.

#define SIGNER_NAME L"shmisra" // Your certificate name.

void MyHandleError(char *s);

void main(int argc, char* argv[])

{

    HCRYPTPROV hCryptProv;         // CSP handle

    HCERTSTORE hStoreHandle;       // Store handle

    PCCERT_CONTEXT pSignerCert;    // Signer certificate

    DWORD dwKeySpec;

//---------------------------------------------------------------

// Open the My system certificate store.

    hStoreHandle = CertOpenStore(

        CERT_STORE_PROV_SYSTEM,

        0,

        NULL,

        CERT_SYSTEM_STORE_CURRENT_USER,

        L"MY");

if(!hStoreHandle)

    {

        MyHandleError( "Could not open the MY system store.");

    }

    printf("Cert name: %s\n", argv[1]);

//---------------------------------------------------------------

// Get a pointer to a signer's signature certificate.

    pSignerCert = CertFindCertificateInStore(

        hStoreHandle,

        MY_ENCODING_TYPE,

        0,

        CERT_FIND_SUBJECT_STR,

        SIGNER_NAME,

        NULL);

if (!pSignerCert)

    {

        MyHandleError("Cert not found.\n");

    }

//---------------------------------------------------------------

// Get a handle to a cryptographic provider.

if( !(CryptAcquireCertificatePrivateKey(

        pSignerCert,

        0,

        NULL,

        &hCryptProv,

        &dwKeySpec,

        NULL)))

    {

        MyHandleError("CryptAcquireContext failed");

    }

    CHAR pszName[1000];

    DWORD cbName;

//---------------------------------------------------------------

// Read the name of the CSP.

    cbName = 1000;

if(CryptGetProvParam(

        hCryptProv,

        PP_NAME,

        (BYTE*)pszName,

        &cbName,

        0))

    {

        _tprintf(TEXT("CryptGetProvParam succeeded.\n"));

        printf("Provider name: %s\n", pszName);

    }

else

    {

        MyHandleError("Error reading CSP name.\n");

    }

//---------------------------------------------------------------

// Read the name of the key container.

    cbName = 1000;

if(CryptGetProvParam(

        hCryptProv,

        PP_CONTAINER,

        (BYTE*)pszName,

        &cbName,

        0))

    {

        _tprintf(TEXT("CryptGetProvParam succeeded.\n"));

        printf("Key Container name: %s\n", pszName);

    }

else

    {

        MyHandleError("Error reading key container name.\n");

    }

    CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG);

    CryptReleaseContext(hCryptProv, 0);

}

//-------------------------------------------------------------------

//  Define function MyHandleError

void MyHandleError(char *s)

{

    fprintf(stderr,"An error occurred in running the program. \n");

    fprintf(stderr,"%s\n",s);

    fprintf(stderr,"Error number %x.\n",GetLastError());

    fprintf(stderr,"Program terminating. \n");

    exit(1);

}

A screen shot of my Smart Card logon certificate is shown below:

clip_image002

For logon certificates, they are stored in the certificate store and you can access the key/ certificate using MS-CAPI.

References:

· https://msdn.microsoft.com/en-us/library/aa379885(VS.85).aspx

· https://msdn.microsoft.com/en-us/library/aa380196(VS.85).aspx

-Shamik

Comments