santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <>
Subject Re: [c++] WinCAPICryptoProvider class
Date Sat, 12 Feb 2005 01:05:50 GMT

I've just had a look at this, and for the life of me I don't understand 
why I used CRYPT_MACHINE_CONTEXT in the first place.  This is used to 
trick the CAPI into allowing us to import a plaintext key for use in the 
encryption classes.  It would make far more sense to use a per-user key 

I didn't want to use the default m_provRSA because that it a true user 
key - this was simply a wrapper key.  But it can (and should) be created 
on a per-user basis.

The only exception to this would be if the library is being used as a 
standalone process (which is really what CRYPT_MACHINE_CONTEXT is for). 
  So maybe that should be a cofiguration call on the constructor?


Milan Tomic wrote:
> Berin,
>         If you take a look into beginning of WinCAPICryptoProvider.cpp 
> file ( 
> _

> <>

> ), you will notice this line:
> *if* (!CryptAcquireContext(&m_provApacheKeyStore,
>                 s_xsecKeyStoreName,
>                 provRSAName,
>                 m_provRSAType,
>                 CRYPT_MACHINE_KEYSET))
>         Well, the problem is that when some user doesn't have admin 
> rights s/he can't acquire CRYPT_MACHINE_KEYSET and initialzation of XSEC 
> fails (XSEC exception is thrown). Perhaps we should use m_provRSA 
> instead of m_provApacheKeyStore in WinCAPICryptoProvider class or use 
> some other flag than CRYPT_MACHINE_KEYSET for m_provApacheKeyStore.
> More info in the MSDN about CRYPT_MACHINE_KEYSET:
> _

> _
> Best regards,
> Milan

View raw message