On 24-06-2010 00:43, Harshvir Sidhu wrote:
Hi All, I am trying to read Certificates and Private Key from Windows Certificate Store and then use them in OpenSSL. I am able to read Certificates but I am having trouble with reading Private Key. Has anyone done this before? Any pointers will be great. Thanks.
Note that you are NEVER supposed to do that. The Windows Certificate Store is designed to behave like a smart card or HSM (even though it is technically just software and can probably be cracked). Private Keys are not supposed to go out, although you CAN extract those private keys that are marked "exportable" (which has nothing to do with the old crypto-export-across-borders restrictions).

AeroWolf's reply is about the manual way to extract keys that are marked "exportable"; keys that are not so marked cannot be extracted by ordinary means and cannot be retroactively marked as exportable.

The best approach would be for someone to create an openssl "engine" plugin which can call MS CryptoAPI and thus access and use any keys kept by it without actually compromising the private key storage. Maybe someone has already done that.
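The "use the key where it lives" idea from the reply above, as an added example that is not part of the original thread and is not an OpenSSL engine: it goes through the .NET wrappers over CryptoAPI/CNG to report whether a key is marked exportable and to sign with it without the key leaving the store. The thumbprint is a placeholder, the message is constructed, and an RSA certificate in the current user's "My" store on .NET Framework 4.6 or later is assumed.

```powershell
# Added example. Assumptions: RSA certificate in Cert:\CurrentUser\My,
# .NET Framework 4.6+ (or PowerShell 7 on Windows), placeholder thumbprint.
$thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'

$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $thumbprint } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate $thumbprint in CurrentUser\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key' }

# GetRSAPrivateKey returns a handle-backed object (RSACng or
# RSACryptoServiceProvider); the key material stays with the key storage provider.
$ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$rsa = $ext::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Key is not RSA or is not accessible to this user' }

try {
    # Read the "exportable" marking set when the key was created or imported.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $exportable = $rsa.Key.ExportPolicy.HasFlag(
            [System.Security.Cryptography.CngExportPolicies]::AllowExport)
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $exportable = $rsa.CspKeyContainerInfo.Exportable
    } else {
        $exportable = $null   # unknown provider type
    }

    # Sign a constructed message; only the signature leaves the provider.
    $data   = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')
    $sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
    $pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
    $signature = $rsa.SignData($data, $sha256, $pkcs1)

    # Check the signature with the public key taken from the certificate.
    $pub = $ext::GetRSAPublicKey($cert)
    $verified = $pub.VerifyData($data, $signature, $sha256, $pkcs1)
    $pub.Dispose()

    [pscustomobject]@{
        Subject        = $cert.Subject
        KeyType        = $rsa.GetType().Name
        Exportable     = $exportable
        SignatureBytes = $signature.Length
        Verified       = $verified
    }
} finally {
    $rsa.Dispose()
}
```

The signing step succeeds whether or not the key is exportable, so an application that only needs to sign or decrypt has no reason to require an exportable key.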