Thanks, but I was more looking for docs on the interop of OpenSSL and
the Crypto API. I got pretty most info from the capi that I needed
except the private key, which from what I've read may not always be
exportable anyway. I was looking for how to call the following functions
with a location in the store, instead of a file.
SSL_CTX_load_verify_locations
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_chain_file
or replacement functions that need to be called instead.
Also, I'm having issues compiling with capi engine support. The engine
doesn't appear to load as I get NULL from ENGINE_by_id("capi");
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Stef Hoeben
Sent: Sunday, November 28, 2010 12:58 PM
To: openssl-users@openssl.org
Subject: RE: Private Key from Windows Cert Store
Hi Tom,
here's the code of a little cmd line tool we use to test our CSPs.
Cheers,
Stef
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Fili, Tom
> Sent: zondag 28 november 2010 18:19
> To: openssl-users@openssl.org
> Subject: RE: Private Key from Windows Cert Store
>
> Is there a place that has some docs or examples of the capi API? I've
> looked around, but haven't found any good source for these.
>
> Tom Fili
> Software Engineer
> Analytical Graphics Inc.
>
>
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org on behalf of So Gerald
> Sent: Fri 11/26/2010 4:35 AM
> To: openssl-users@openssl.org
> Subject: Re: Private Key from Windows Cert Store
>
> I think you may use the CAPI engine instead.
>
> 2010/11/24 Fili, Tom <tf...@agi.com>
>
> > I'm trying to load a private key file of a personal cert from a key
> file
> > and load it like so:
> >
> > SSL_CTX_use_PrivateKey_file(pSSLContext, privateKeyFile,
> SSL_FILETYPE_PEM)
> >
> > However the certificate is in the Windows Certificate Store. I'm
> trying to
> > write it out to a PEM file, but I'm not quite sure how to get the
> data that
> > goes in between ----BEGIN PRIVATE KEY---- and -----END PRIVATE
KEY---
> --.
> >
> > For the certificate pem file I can just base64 encode pbCertEncoded
> from
> > the CERT_CONTEXT, but not idea what to do for the private key. I've
> tried so
> > many things but all are incorrect. I've exported the file from the
> MMC
> > snap-in and used OpenSSL to convert it to a pem file and that works,
> but I
> > have no idea how to get that info programmatically.
> >
> > Any help would be appreciated.
> >
> > Tom Fili
> > Software Engineer
> > Analytical Graphics Inc.
> >
> >
>
