16,472
社区成员
发帖
与我相关
我的任务
分享求助 - 打开数字证书 -=100分=-
如何使用CryptApi打开数字证书交换文件(扩展名pfx),获得一个证书上下文CERT_CONTEXT
...全文
请发表友善的回复…
发表回复
Colin-Han 2004-08-31
- 打赏
- 举报
Thank netcoder(朱二), but your code only opens a system store cert, no open a cert file(*.pfx).
netcoder 2004-04-22
- 打赏
- 举报
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/capicom_reference.asp
http://www.microsoft.com/china/windows2000/library/planning/security/cawebsteps.asp
http://www.microsoft.com/china/windows2000/library/planning/security/eucertsteps.asp
http://www.microsoft.com/china/windows2000/guide/server/features/securitysvcs.asp
ms-help://MS.MSDNQTR.2003FEB.2052/security/security/cryptography_portal.htm
http://www.microsoft.com/china/windows2000/library/planning/security/cawebsteps.asp
http://www.microsoft.com/china/windows2000/library/planning/security/eucertsteps.asp
http://www.microsoft.com/china/windows2000/guide/server/features/securitysvcs.asp
ms-help://MS.MSDNQTR.2003FEB.2052/security/security/cryptography_portal.htm
netcoder 2004-04-22
- 打赏
- 举报
void main(void)
{
// 系统证书库句柄
HCERTSTORE hStoreHandle;
//--------------------------------------------------------------------
// 待签名的消息
BYTE* pbMessage =
(BYTE*)"CryptoAPI is a good way to handle security";
//--------------------------------------------------------------------
DWORD cbMessage = strlen((char*) pbMessage)+1;
//--------------------------------------------------------------------
// 证书的上下文
PCCERT_CONTEXT pSignerCert;
CRYPT_SIGN_MESSAGE_PARA SigParams;
DWORD cbSignedMessageBlob;
BYTE *pbSignedMessageBlob;
DWORD cbDecodedMessageBlob;
BYTE *pbDecodedMessageBlob;
CRYPT_VERIFY_MESSAGE_PARA VerifyParams;
//--------------------------------------------------------------------
const BYTE* MessageArray[] = {pbMessage};
DWORD MessageSizeArray[1];
MessageSizeArray[0] = cbMessage;
//--------------------------------------------------------------------
//
printf("Begin processing. \n");
printf(" The message to be signed is\n-> %s.\n",pbMessage);
//--------------------------------------------------------------------
CryptoAPI 培训教程
- 20 -
// Open a certificate store.
if ( !( hStoreHandle = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
CERT_STORE_NAME)))
{
HandleError("The MY store could not be opened.");
}
//--------------------------------------------------------------------
//
//得到证书的上下文,此证书必须能访问签名者的私钥
if(pSignerCert = CertFindCertificateInStore(
hStoreHandle,
MY_TYPE,
0,
CERT_FIND_SUBJECT_STR,
SIGNER_NAME,
NULL))
{
printf("The signer's certificate was found.\n");
}
else
{
HandleError( "Signer certificate not found.");
}
//--------------------------------------------------------------------
//初始化签名结构
SigParams.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
SigParams.dwMsgEncodingType = MY_TYPE;
SigParams.pSigningCert = pSignerCert;
SigParams.HashAlgorithm.pszObjId = szOID_RSA_MD5;
SigParams.HashAlgorithm.Parameters.cbData = NULL;
SigParams.cMsgCert = 1;
SigParams.rgpMsgCert = &pSignerCert;
SigParams.cAuthAttr = 0;
SigParams.dwInnerContentType = 0;
SigParams.cMsgCrl = 0;
SigParams.cUnauthAttr = 0;
CryptoAPI 培训教程
- 21 -
SigParams.dwFlags = 0;
SigParams.pvHashAuxInfo = NULL;
SigParams.rgAuthAttr = NULL;
//--------------------------------------------------------------------
//
// 首先得到BLOB 的大小
if(CryptSignMessage(
&SigParams, // Signature parameters
FALSE, // Not detached
1, // Number of messages
MessageArray, // Messages to be signed
MessageSizeArray, // Size of messages
NULL, // Buffer for signed message
&cbSignedMessageBlob)) // Size of buffer
{
printf("The size of the BLOB is %d.\n",cbSignedMessageBlob);
}
else
{
HandleError("Getting signed BLOB size failed");
}
//--------------------------------------------------------------------
// 分配BLOB 的内存.
if(!(pbSignedMessageBlob =
(BYTE*)malloc(cbSignedMessageBlob)))
{
HandleError("Memory allocation error while signing.");
}
//--------------------------------------------------------------------
//
if(CryptSignMessage(
&SigParams, //
FALSE, //
1, // 消息数量
MessageArray, // 待签名的消息
MessageSizeArray, // 消息大小
pbSignedMessageBlob, // 缓冲区
&cbSignedMessageBlob)) // 缓冲区大小
{
CryptoAPI 培训教程
- 22 -
printf("The message was signed successfully. \n");
}
else
{
HandleError("Error getting signed BLOB");
}
//--------------------------------------------------------------------
// 验证签名信息
//--------------------------------------------------------------------
// 初始化VerifyParams 结构.
VerifyParams.cbSize = sizeof(CRYPT_VERIFY_MESSAGE_PARA);
VerifyParams.dwMsgAndCertEncodingType = MY_TYPE;
VerifyParams.hCryptProv = 0;
VerifyParams.pfnGetSignerCertificate = NULL;
VerifyParams.pvGetArg = NULL;
//--------------------------------------------------------------------
//
if(CryptVerifyMessageSignature(
&VerifyParams, //.
0, //
pbSignedMessageBlob, //.
cbSignedMessageBlob, //
NULL, //
&cbDecodedMessageBlob, //.
NULL)) // Pointer to signer certificate.
{
printf("%d bytes need for the buffer.\n",cbDecodedMessageBlob);
}
else
{
printf("Verification message failed. \n");
}
//--------------------------------------------------------------------
// 为缓冲区分配内存.
if(!(pbDecodedMessageBlob =
(BYTE*)malloc(cbDecodedMessageBlob)))
{
HandleError("Memory allocation error allocating decode BLOB.");
}
CryptoAPI 培训教程
- 23 -
//--------------------------------------------------------------------
//
// 得到缓冲区的大小
if(CryptVerifyMessageSignature(
&VerifyParams, // Verify parameters.
0, // Signer index.
pbSignedMessageBlob, // Pointer to signed BLOB.
cbSignedMessageBlob, // Size of signed BLOB.
pbDecodedMessageBlob, // Buffer for decoded message.
&cbDecodedMessageBlob, // Size of buffer.
NULL)) // Pointer to signer certificate.
{
printf("The verified message is \n-> %s \n",pbDecodedMessageBlob);
}
else
{
printf("Verification message failed. \n");
}
//--------------------------------------------------------------------
//
if(pbSignedMessageBlob)
free(pbSignedMessageBlob);
if(pbDecodedMessageBlob)
free(pbDecodedMessageBlob);
if(pSignerCert)
CertFreeCertificateContext(pSignerCert);
if(CertCloseStore(
hStoreHandle,
CERT_CLOSE_STORE_CHECK_FLAG))
{
printf("The store closed and all certificates are freed. \n");
}
else
{
printf("Store closed after signing -- \n"
"not all certificates, CRLs or CTLs were freed");
} …
{
// 系统证书库句柄
HCERTSTORE hStoreHandle;
//--------------------------------------------------------------------
// 待签名的消息
BYTE* pbMessage =
(BYTE*)"CryptoAPI is a good way to handle security";
//--------------------------------------------------------------------
DWORD cbMessage = strlen((char*) pbMessage)+1;
//--------------------------------------------------------------------
// 证书的上下文
PCCERT_CONTEXT pSignerCert;
CRYPT_SIGN_MESSAGE_PARA SigParams;
DWORD cbSignedMessageBlob;
BYTE *pbSignedMessageBlob;
DWORD cbDecodedMessageBlob;
BYTE *pbDecodedMessageBlob;
CRYPT_VERIFY_MESSAGE_PARA VerifyParams;
//--------------------------------------------------------------------
const BYTE* MessageArray[] = {pbMessage};
DWORD MessageSizeArray[1];
MessageSizeArray[0] = cbMessage;
//--------------------------------------------------------------------
//
printf("Begin processing. \n");
printf(" The message to be signed is\n-> %s.\n",pbMessage);
//--------------------------------------------------------------------
CryptoAPI 培训教程
- 20 -
// Open a certificate store.
if ( !( hStoreHandle = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
CERT_STORE_NAME)))
{
HandleError("The MY store could not be opened.");
}
//--------------------------------------------------------------------
//
//得到证书的上下文,此证书必须能访问签名者的私钥
if(pSignerCert = CertFindCertificateInStore(
hStoreHandle,
MY_TYPE,
0,
CERT_FIND_SUBJECT_STR,
SIGNER_NAME,
NULL))
{
printf("The signer's certificate was found.\n");
}
else
{
HandleError( "Signer certificate not found.");
}
//--------------------------------------------------------------------
//初始化签名结构
SigParams.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
SigParams.dwMsgEncodingType = MY_TYPE;
SigParams.pSigningCert = pSignerCert;
SigParams.HashAlgorithm.pszObjId = szOID_RSA_MD5;
SigParams.HashAlgorithm.Parameters.cbData = NULL;
SigParams.cMsgCert = 1;
SigParams.rgpMsgCert = &pSignerCert;
SigParams.cAuthAttr = 0;
SigParams.dwInnerContentType = 0;
SigParams.cMsgCrl = 0;
SigParams.cUnauthAttr = 0;
CryptoAPI 培训教程
- 21 -
SigParams.dwFlags = 0;
SigParams.pvHashAuxInfo = NULL;
SigParams.rgAuthAttr = NULL;
//--------------------------------------------------------------------
//
// 首先得到BLOB 的大小
if(CryptSignMessage(
&SigParams, // Signature parameters
FALSE, // Not detached
1, // Number of messages
MessageArray, // Messages to be signed
MessageSizeArray, // Size of messages
NULL, // Buffer for signed message
&cbSignedMessageBlob)) // Size of buffer
{
printf("The size of the BLOB is %d.\n",cbSignedMessageBlob);
}
else
{
HandleError("Getting signed BLOB size failed");
}
//--------------------------------------------------------------------
// 分配BLOB 的内存.
if(!(pbSignedMessageBlob =
(BYTE*)malloc(cbSignedMessageBlob)))
{
HandleError("Memory allocation error while signing.");
}
//--------------------------------------------------------------------
//
if(CryptSignMessage(
&SigParams, //
FALSE, //
1, // 消息数量
MessageArray, // 待签名的消息
MessageSizeArray, // 消息大小
pbSignedMessageBlob, // 缓冲区
&cbSignedMessageBlob)) // 缓冲区大小
{
CryptoAPI 培训教程
- 22 -
printf("The message was signed successfully. \n");
}
else
{
HandleError("Error getting signed BLOB");
}
//--------------------------------------------------------------------
// 验证签名信息
//--------------------------------------------------------------------
// 初始化VerifyParams 结构.
VerifyParams.cbSize = sizeof(CRYPT_VERIFY_MESSAGE_PARA);
VerifyParams.dwMsgAndCertEncodingType = MY_TYPE;
VerifyParams.hCryptProv = 0;
VerifyParams.pfnGetSignerCertificate = NULL;
VerifyParams.pvGetArg = NULL;
//--------------------------------------------------------------------
//
if(CryptVerifyMessageSignature(
&VerifyParams, //.
0, //
pbSignedMessageBlob, //.
cbSignedMessageBlob, //
NULL, //
&cbDecodedMessageBlob, //.
NULL)) // Pointer to signer certificate.
{
printf("%d bytes need for the buffer.\n",cbDecodedMessageBlob);
}
else
{
printf("Verification message failed. \n");
}
//--------------------------------------------------------------------
// 为缓冲区分配内存.
if(!(pbDecodedMessageBlob =
(BYTE*)malloc(cbDecodedMessageBlob)))
{
HandleError("Memory allocation error allocating decode BLOB.");
}
CryptoAPI 培训教程
- 23 -
//--------------------------------------------------------------------
//
// 得到缓冲区的大小
if(CryptVerifyMessageSignature(
&VerifyParams, // Verify parameters.
0, // Signer index.
pbSignedMessageBlob, // Pointer to signed BLOB.
cbSignedMessageBlob, // Size of signed BLOB.
pbDecodedMessageBlob, // Buffer for decoded message.
&cbDecodedMessageBlob, // Size of buffer.
NULL)) // Pointer to signer certificate.
{
printf("The verified message is \n-> %s \n",pbDecodedMessageBlob);
}
else
{
printf("Verification message failed. \n");
}
//--------------------------------------------------------------------
//
if(pbSignedMessageBlob)
free(pbSignedMessageBlob);
if(pbDecodedMessageBlob)
free(pbDecodedMessageBlob);
if(pSignerCert)
CertFreeCertificateContext(pSignerCert);
if(CertCloseStore(
hStoreHandle,
CERT_CLOSE_STORE_CHECK_FLAG))
{
printf("The store closed and all certificates are freed. \n");
}
else
{
printf("Store closed after signing -- \n"
"not all certificates, CRLs or CTLs were freed");
} …
Colin-Han 2004-03-31
- 打赏
- 举报
to:itmaster(传说中的"大师")
“没有合乎你要求的网页” ???
“没有合乎你要求的网页” ???
itmaster 2004-03-31
- 打赏
- 举报
http://www.microsoft.com/china/msdn/technic/develop/ii/0228c.asp
Colin-Han 2004-03-31
- 打赏
- 举报
在线等待,一定结贴.............
Colin-Han 2004-03-31
- 打赏
- 举报
大师快来啊
