Re: Using certificate and private key from Windows cert store with OpenSSL

Tue, 01 Nov 2011 12:23:12 -0700 

Or you could use CryptoAPI functions to get the certificates
(not private keys) from CryptoAPI and load them into OpenSSL.

Note that while your original post used the historic CryptoAPI specific
structures for bare RSA keys, which differ a lot from their OpenSSL
counterparts, the CryptoAPI certificate functions (CertXxx) tend to
provide and accept raw DER encoded certificate blobs, which can
also be handled by OpenSSL.

On 11/1/2011 8:13 PM, Vladimir Belov wrote:
Thanks for answer, Stephen. Does it mean that if I want to perform Certificate Verification with Windows CryptoAPI I must manually extract certificate from handshake procedure or get it through callback function, change its format (to be compatible with WinAPI functions) and give it to WinAPI functions for next verifications of certificate with Windows CryptoAPI? 


From: Dr. Stephen Henson
Sent: Tuesday, November 01, 2011 10:45 PM
To: openssl-users@openssl.org
Subject: Re: Using certificate and private key from Windows cert store with OpenSSL 


On Tue, Nov 01, 2011, Vladimir Belov wrote:



>
> How to use  some "engine API" in my program? What is the name of
> this "some engine API" or engine plug-in?
>
> Please, give a small example or where can I find documentation about
> this? Is any documentation on the openssl.org?
>



Note that the ENGINE API currently only accesses keys and not
certificates. The CryptoAPI ENGINE can be used to redirect operations to
private keys stored on Windows.



Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager majord...@openssl.org 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to