Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How do we get the private key to do digital signature?

63 views
Skip to first unread message

antony...@yahoo.com

unread,
Mar 31, 2007, 4:37:22 PM3/31/07
to
I've written a certification authority (CA). When my web users apply
for X.509 certificate from this CA, a VBScript generates within
Internet Explorer a public/private key pair and the Cert Signing
Request in PKCS#10 format. Such data are sent to the CA for a
certificate.

When the user tries to log into his online account, I would like to
let the client side digitally sign something (e.g., the user name or
email) with the user's private key and send it to my web application.

I assume that the public/private key pair is maintained by Internet
Explorer or the Windows system. But how do I get the user's private
key? I think this must be done with VBScript and the CryptoAPI. But
I have no idea where to start. Can you guys give me a hint?

Thank you so much!

AL

antony...@yahoo.com

unread,
Apr 1, 2007, 10:33:19 PM4/1/07
to
On Mar 31, 3:37 pm, "antonyliu2...@yahoo.com"

I have done some research about this. It looks like CAPICOM is the
thing I should use.

I have two questions for gurus who have experiences in CAPICOM about
the sample code listed at the following URL:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

/***********************************/
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "MY", _
CAPICOM_STORE_OPEN_READ_ONLY)
Signer.Certificate = MyStore.Certificates.Item(1)
/***********************************/

I think in my situation (see my first post in this thread), a cert
owner's private key is stored somewhere in Internet Explorer. So,

Q1: How can the VBScript code access the corresponding keystore? In
particular, what does "MY" mean in the above code? Can we name it
anything we like or is it a standard name of the keystore of the
current user?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

For those who are puzzled by this screen snapshot, it is a dialog box
Internet Explorer pops up when the web server requires client
authentication through digital certificates. The web application user
can then select the appropriate certificate and hit OK to submit it to
the web server.

Thank you very much.

Kalle Olavi Niemitalo

unread,
Apr 2, 2007, 3:13:46 AM4/2/07
to
"antony...@yahoo.com" <antony...@yahoo.com> writes:

> Q1: How can the VBScript code access the corresponding keystore? In
> particular, what does "MY" mean in the above code? Can we name it
> anything we like or is it a standard name of the keystore of the
> current user?

The documentation of Store.Open and CertOpenSystemStore mentions this:

http://msdn2.microsoft.com/en-us/library/aa388130.aspx
"CAPICOM_MY_STORE My store. This store is used for a user's
personal certificates.

http://msdn2.microsoft.com/en-us/library/aa376560.aspx
"MY A certificate store that holds certificates
with associated private keys."

antony...@yahoo.com

unread,
Apr 2, 2007, 12:31:35 PM4/2/07
to
On Apr 2, 2:13 am, Kalle Olavi Niemitalo <k...@iki.fi> wrote:


Thank you so much for the links. They are absolutely helpful.

Anyone has a hint about my 2nd question, repeated below?

Mitch Gallant

unread,
Apr 2, 2007, 12:48:53 PM4/2/07
to
<antony...@yahoo.com> wrote in message
news:1175531495.8...@y66g2000hsf.googlegroups.com...

> On Apr 2, 2:13 am, Kalle Olavi Niemitalo <k...@iki.fi> wrote:
>> "antonyliu2...@yahoo.com" <antonyliu2...@yahoo.com> writes:
= snip

> Anyone has a hint about my 2nd question, repeated below?
>
> Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
> code seems to be retrieving the first certificate in the keystore.
> How do I retrieve from the keystore the certificate which the user has
> selected from the popup dialog box as shown below?

From CAPICOM, you can use:
MyStore.Certificates.Find(....)
http://msdn2.microsoft.com/en-us/library/aa376505.aspx
to return another Certificates object which matches the criterion you
specify.
e.g. with the FindType argument set at
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME,
you can enter the SubjectName string or a substring of it and the
Certificate object will turn one item.

- Mitch Gallant
MVP Security
www.jensign.com


antony...@yahoo.com

unread,
Apr 2, 2007, 2:11:05 PM4/2/07
to
On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:
> <antonyliu2...@yahoo.com> wrote in message

Ha! Great. Thank you so much, Mitch. It looks like that I need to
have a good study of the MSDN CAPICOM documentation.

I am not good at VBScript. I will try to work on the VBScript code
for this purpose and see how it goes.

Mitch Gallant

unread,
Apr 2, 2007, 3:33:05 PM4/2/07
to
<antony...@yahoo.com> wrote in message
news:1175537465.8...@p77g2000hsh.googlegroups.com...

There are a number of smaller VBS with CAPICOM samples here:
http://www.jensign.com/JavaScience/www/wsh
and here:
http://www.jensign.com/JavaScience/cryptoutils

Also, the samples that come with CAPICOM installation at:
<instal-dir>\CAPICOM 2.1.0.1\samples\vbs
are quite useful.

- Mitch


antony...@yahoo.com

unread,
Apr 2, 2007, 5:54:05 PM4/2/07
to
> - Mitch- Hide quoted text -
>
> - Show quoted text -

Thank you so much. The site you referred to is really resourceful in
terms of cryptography. Let me peek around there and see if I can find
any snippet of code that exactly does what I want: sign a token using
the private key in VBScript.

antony...@yahoo.com

unread,
Apr 2, 2007, 5:56:26 PM4/2/07
to
> - Mitch- Hide quoted text -
>
> - Show quoted text -

Oh, btw, I thought you must know this, I've been polling the
openssl.users and openssl.dev groups with no luck.

One of the cert revocation reasons specified by RFC 3280 is Remove
from CRL (8). What does that mean? We request to have a cert revoked
for a reason called "Remove from CRL"? How does it make sense?
Thanks.

Kalle Olavi Niemitalo

unread,
Apr 3, 2007, 1:25:22 AM4/3/07
to
"antony...@yahoo.com" <antony...@yahoo.com> writes:

> One of the cert revocation reasons specified by RFC 3280 is Remove
> from CRL (8). What does that mean? We request to have a cert revoked
> for a reason called "Remove from CRL"? How does it make sense?

According to RFC 3280 section 5.2.4, removeFromCRL is used in
delta CRLs and means the certificate was listed in a previous CRL
but now should no longer be listed. This is used in two
situations:

- The certificate was put on hold rather than fully revoked, and
was then taken off hold.

- The certificate was revoked but has then already expired, and
the CRL issuer wants to reduce the amount of data it has to
distribute. (Each CRL comes with a thisUpdate field that
indicates when it was issued, so users of the CRL can in
principle detect such expirations even if their local clocks
are not reliable.)

antony...@yahoo.com

unread,
Apr 3, 2007, 4:34:18 PM4/3/07
to
On Apr 3, 12:25 am, Kalle Olavi Niemitalo <k...@iki.fi> wrote:

Ha, thanks, I kept ctrl-f-ing the rfc 3280 document for removeFromCRL,
but could not find the info. Thank you so much. That really helps.
Let me go check it again and see if certificateHold has been
deprecated.

antony...@yahoo.com

unread,
Apr 8, 2007, 12:47:07 AM4/8/07
to
On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:
> <antonyliu2...@yahoo.com> wrote in message

Hi, Mitch,

Thank you. I have started to look into the CAPICOM services. The MSDN
CAPICOM reference says:

Function Find( _
ByVal FindType As CAPICOM_CERTIFICATE_FIND_TYPE, _
[ ByVal varCriteria As Variant ], _
[ ByVal bFindValidOnly As Boolean ] _
) As Certificates

And exactly like what you said, we can retrieve a cert by find_type
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, and speicifying the
subject_name, for example, "John Doe".

But, in my situation, my web application requires client side
authentication through X.509 digital certificate. The web browswer
will popup a dialog box like the one below for the user to select his/
her cert and proceed.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Suppose the user selects "Hillary Clinton", how do I know in my
VBScript what has been selected? In other words, how do does the
VBScript code communicate with the IE popup dialog box?

Mitch Gallant

unread,
Apr 8, 2007, 3:24:10 PM4/8/07
to
<antony...@yahoo.com> wrote in message
news:1176007627.5...@p77g2000hsh.googlegroups.com...

I think you'd need to make the https (SSL) connection directly from your
VBSCript code using something similar to HTTPWebRequest. I think I did that
some time back .. can't remember. Search for that sort of COM object in vbs.
Should be similar to this .NET approach:
http://groups.google.com/group/microsoft.public.dotnet.security/browse_thread/thread/3e51cfef35c91770/8dfc5218aefcbcdf
where you add client certificates to the request before it is actually made.
- Mitch


antony...@yahoo.com

unread,
Apr 9, 2007, 3:23:55 PM4/9/07
to
> >VBScriptwhat has been selected? In other words, how do does the
> >VBScriptcode communicate with the IE popup dialog box?
>
> I think you'd need to make the https (SSL) connection directly from yourVBSCriptcode using something similar to HTTPWebRequest. I think I did that

> some time back .. can't remember. Search for that sort of COM object in vbs.
> Should be similar to this .NET approach:
> http://groups.google.com/group/microsoft.public.dotnet.security/brows...

> where you add client certificates to the request before it is actually made.
> - Mitch- Hide quoted text -
>
> - Show quoted text -

OK, thanks for the hint. The .NET approach of yours handles cert
stuffs on the server side. I have done this in Java, like generating
x.509 certs, encrypting/decrypting with key pairs. But I have no clue
how a token (for example a short string) can be signed on the client
side, using either vbscript or javascript.

Mitch Gallant

unread,
Apr 9, 2007, 3:31:22 PM4/9/07
to
<antony...@yahoo.com> wrote in message
news:1176146635.4...@o5g2000hsb.googlegroups.com...

That google link is .NET code for CLIENT selecting a cert to make https
client-auth connection ..
You can use CLINET vbs code with capicom (CAPICOM.SignedData object) to sign
anything you want to then POST to SSL server.
- Mitch


antony...@yahoo.com

unread,
Apr 9, 2007, 4:07:12 PM4/9/07
to
> > x.509 certs, encrypting/decrypting withkeypairs. But I have no clue

> > how a token (for example a short string) can be signed on the client
> > side, using eithervbscriptor javascript.

>
> That google link is .NET code for CLIENT selecting a cert to make https
> client-auth connection ..
> You can use CLINET vbs code with capicom (CAPICOM.SignedData object) to sign
> anything you want to then POST to SSL server.
> - Mitch- Hide quoted text -
>
> - Show quoted text -

Thx.

My existing client side script in VBScript can already send the
selected cert successfully to my web application. I will post the
script when I have access to my work station later today, so that you
can see how the selected cert is sent.

Maybe it is possible to modify the existing script in such a way that
I can get to know which cert has been selected.

AL

antony...@yahoo.com

unread,
Apr 9, 2007, 4:11:36 PM4/9/07
to
On Apr 9, 3:07 pm, "antonyliu2...@yahoo.com" <antonyliu2...@yahoo.com>
wrote:
> AL- Hide quoted text -

>
> - Show quoted text -

For right now, my web application knows whose cert was submitted after
it parses the intercepted cert. I wish I could do this on the client
side.


Mitch Gallant

unread,
Apr 9, 2007, 4:48:11 PM4/9/07
to
>>
>> My existing client side script in VBScript can already send the
>> selected cert successfully to my web application. I will post the
>> script when I have access to my work station later today, so that you
>> can see how the selected cert is sent.
>>
>> Maybe it is possible to modify the existing script in such a way that
>> I can get to know which cert has been selected.
>>
>> AL- Hide quoted text -
>>
>> - Show quoted text -
>
> For right now, my web application knows whose cert was submitted after
> it parses the intercepted cert. I wish I could do this on the client
> side.
>

I don't think you can intercept the IE cert-selection dialog if IE initiates
the SSL session with the server and invokes the client-authorization
cert-selection process. As I said earlier, you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL negotiatio
that way.

- Mitch


antony...@yahoo.com

unread,
Apr 9, 2007, 7:52:39 PM4/9/07
to
On Apr 9, 3:48 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:
> >> My existing client side script inVBScriptcan already send the
> - Mitch- Hide quoted text -

>
> - Show quoted text -

Hmm, it looks like you are right.

I just checked the source code of the Login HTML page and there is
nothing special there!

Look, this is the source code screen snapshot:

http://farm1.static.flickr.com/248/453147844_430f70367a_o.png

And this is how this web form appears in IE:

http://farm1.static.flickr.com/192/453147858_57d693694d_o.png

And the the source code in plain text (nothing special!)

<form action="https://www.myhost.com:8443/mybank/LoginServlet"
method="post" name="bankloginform" id="bankloginform" onSubmit="return
emailCheck(bankloginform.email.value) &&

passwordCheck()">
<p>Please login using your email address and the password you
supplied the time
you signed up with the bank.
</p>
<p>Please note that you need a valid certificate to login. If you do
not have
a certificate yet, you can apply one for free right now.
</p>
<p>Your browser never knows if your certificate is revoked, but we
do know.
So, if your certificate has been revoked, you won't be able to
login.</p>
<table width="39%" border="0">
<tr>
<td width="21%" height="26"> <p align="right">e-mail:</td>
<td width="79%"><input name="email" type="text" id="email"
size="48"></td>
</tr>
<tr>
<td rowspan="2" valign="top"><div align="right">Password:</div></
td>
<td><input name="password" type="password" id="password"
size="48" maxlength="48"></td>
</tr>
<tr>
<td><input name=login type=submit id="login2" value="Login"></
td>
</tr>
</table>
</form>

OK, let's turn back to your suggestion: you'd have to invoke the SSL


session from vbs itself and then select the cert and pass to SSL

negotiation that way.

How do we invoke SSL from vbs? I have never done this.

AL

Mitch Gallant

unread,
Apr 9, 2007, 8:44:00 PM4/9/07
to
<antony...@yahoo.com> wrote in message
news:1176162759....@l77g2000hsb.googlegroups.com...

OK first of all, I'll reiterate that I have been able to do this from a
standalone .NET 1.1 client using basic code like this:
--------- .NET 1.1 snippet to connect to SSL server requiring
client-certificate authentication -----
X509Certificate jscert = X509Certificate.CreateFromCertFile(certfile);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.ClientCertificates.Add(jscert);
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
------------------------
and with .NET 2, you can use all the support for searching and finding
certificates (so you wouldn't need to use CAPICOM from .NET).

I think that you could use the WinHttpRequest COM object like so:

--- VBScript sample to connect to SSL server requiring client-cert
authentication --------
.....
Dim HttpReq As Object
' Instantiate the WinHTTPRequest ActiveX Object.
Set HttpReq = New WinHttpRequest

' Open an HTTP connection.
HttpReq.Open "GET", "https://somesecureurl/", False

'Select a client certificate.
HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier
Certificate"

' Send the HTTP Request.
HttpReq.Send
-----------------------

check out MSDN docs on WinHttpRequest COM object (part of Windows HTTP
Services) at:
http://msdn2.microsoft.com/en-us/library/aa384106.aspx

- Mitch

Mitch Gallant

unread,
Apr 9, 2007, 8:50:35 PM4/9/07
to
"Mitch Gallant" <jens...@community.nospam> wrote in message
news:OBLPslwe...@TK2MSFTNGP05.phx.gbl...

Forgot to add this useful reference information:
"SSL in WinHTTP"
http://msdn2.microsoft.com/en-us/library/aa384076.aspx


antony...@yahoo.com

unread,
Apr 9, 2007, 9:09:00 PM4/9/07
to
On Apr 9, 7:44 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

> OK first of all, I'll reiterate that I have been able to do this from a
> standalone .NET 1.1 client using basic code like this:
> --------- .NET 1.1 snippet to connect to SSL server requiring
> client-certificate authentication -----
> X509Certificate jscert = X509Certificate.CreateFromCertFile(certfile);
> HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
> req.ClientCertificates.Add(jscert);
> HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
> ------------------------
> and with .NET 2, you can use all the support for searching and finding
> certificates (so you wouldn't need to use CAPICOM from .NET).
>
> I think that you could use the WinHttpRequest COM object like so:
>

> ---VBScriptsample to connect to SSL server requiring client-cert


> authentication --------
> .....
> Dim HttpReq As Object
> ' Instantiate the WinHTTPRequest ActiveX Object.
> Set HttpReq = New WinHttpRequest
>
> ' Open an HTTP connection.
> HttpReq.Open "GET", "https://somesecureurl/", False
>
> 'Select a client certificate.
> HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier
> Certificate"
>
> ' Send the HTTP Request.
> HttpReq.Send
> -----------------------
>
> check out MSDN docs on WinHttpRequest COM object (part of Windows HTTP
> Services) at:http://msdn2.microsoft.com/en-us/library/aa384106.aspx
>

> - Mitch-

Thank you so much. My web application is developed in Java and runs
on Tomcat 6.0. So, I won't be able to use the .Net technology. That
said, I am interested in your vbs sample.

In your vbs sample, you have:

'Select a client certificate.
HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier
Certificate"

This sample code is also available at
http://msdn2.microsoft.com/en-us/library/aa384055.aspx

Unfortunately, these snippets of code over there all presuppose that
the vbs programmer knows which client certificate to use.

But, in my case, I do not know which certificate is selected unless I
can poll the IE popup dialog box through some API after the user
clicks "OK".

Am I following?

antony...@yahoo.com

unread,
Apr 9, 2007, 9:14:25 PM4/9/07
to
On Apr 9, 7:50 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:
>
> Forgot to add this useful reference information:
> "SSL in WinHTTP"http://msdn2.microsoft.com/en-us/library/aa384076.aspx- Hide quoted text -
>

On this page, right above the sample code, it says:

"The following code example shows how to open a certificate store and
locate a certificate based on subject name .... "

Again, it assumes that the programmer knows the subject name of the
client cert, which is not true in my case.

Mitch Gallant

unread,
Apr 9, 2007, 9:22:48 PM4/9/07
to
<antony...@yahoo.com> wrote in message
news:1176167665.2...@d57g2000hsg.googlegroups.com...

The doc for http indicates that if no cert is specified, then the first one
found will be used.
THere are some reasonable defaults. Again you can force a dialog on the user
to have him selecdt a cert (e.g. with CAPICOM via vbs) and then use that one
in the vbs SSL negotiation.
Again, there is no way to intersept the IE dialog from script.
- Mitch


Mitch Gallant

unread,
Apr 9, 2007, 9:26:06 PM4/9/07
to
<antony...@yahoo.com> wrote in message
news:1176167340....@b75g2000hsg.googlegroups.com...

Yes, but read the default settings on SetClientCertificate in the docs
there.
If IE finds more than one valid cert (for SSL authentication purposes) it
pops a dialog.
You will need to pop a dialog on your client, or else code searching his MY
certs store for one with the necessary client-authenticadtion attributes and
if more than one, pop a vb dialog on them.
You have some more coding to do to achieve what IE does.
- Mitch


antony...@yahoo.com

unread,
Apr 9, 2007, 9:44:22 PM4/9/07
to
On Apr 9, 8:26 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:
>
> Yes, but read the default settings on SetClientCertificate in the docs
> there.
> If IE finds more than one valid cert (for SSL authentication purposes) it
> pops a dialog.
> You will need to pop a dialog on your client, or else code searching his MY
> certs store for one with the necessary client-authenticadtion attributes and
> if more than one, pop a vb dialog on them.
> You have some more coding to do to achieve what IE does.
> - Mitch-

The popup dialog shown at the following URL

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

is exactly on the client side with IE. So, I think you are suggesting
that I do

(1) initiate the https request from vbs like in the example you showed
as follows:

' Open an HTTP connection.
HttpReq.Open "GET", "https://somesecureurl/", False

This will presumably prevent IE from popping up the dialog box.

(2) then in my vbs code, I search the key store, and find the
corresponding client certificate and submit it. Well, since the user
will enter his email on my login page, and the certificate contains
user email address, I should be able to locate client cert given this
info.

In other words, your suggestion is that we select the client cert
*for* the end user from the given subject info (such as the email
address), and the end user is not given the option to select his
cert. This way, we don't have to worry about polling the IE popup
dialog box, which you say is impossible.

Am I getting your idea?

Mitch Gallant

unread,
Apr 9, 2007, 10:04:56 PM4/9/07
to
<antony...@yahoo.com> wrote in message
news:1176169462.3...@d57g2000hsg.googlegroups.com...

Yes that is roughly what I was thinking.
If IE directly makes the SSL request (which you don't want because you can't
intercept the certificate dialog) then it pops up its own cert-selection
dialog.
If your vbs makes the SSL GET request, then you have full control of poping
a custom user cert selection or, as discussed above, you can find the cert
for the client (since it should be simple in most cases). Then, withing vbs
you can access the associated private key and sign anything you wish like
so:
http://www.jensign.com/JavaScience/www/wsh/capicom/clientsign
(note that this page uses a Java applet for MS JVM to access local file
system so that part might not work but signing any field or the entire web
html page will work).

- Mitch

antony...@yahoo.com

unread,
Apr 10, 2007, 10:54:44 AM4/10/07
to
On Apr 9, 9:04 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:
> <antonyliu2...@yahoo.com> wrote in message

>
> news:1176169462.3...@d57g2000hsg.googlegroups.com...
>
>
>
>
>
> > On Apr 9, 8:26 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:
>
> >> Yes, but read the default settings on SetClientCertificate in the docs
> >> there.
> >> If IE finds more than one valid cert (for SSL authentication purposes) it
> >> pops a dialog.
> >> You will need to pop a dialog on your client, or else code searching his
> >> MY
> >> certs store for one with the necessary client-authenticadtion attributes
> >> and
> >> if more than one, pop a vb dialog on them.
> >> You have some more coding to do to achieve what IE does.
> >> - Mitch-
>
> > The popup dialog shown at the following URL
>
> >http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png
>
> > is exactly on the client side with IE. So, I think you are suggesting
> > that I do
>
> > (1) initiate the https request from vbs like in the example you showed
> > as follows:
>
> > ' Open an HTTP connection.
> > HttpReq.Open "GET", "https://somesecureurl/", False
>
> > This will presumably prevent IE from popping up the dialog box.
>
> > (2) then in my vbs code, I search thekeystore, and find the

> > corresponding client certificate and submit it. Well, since the user
> > will enter his email on my login page, and the certificate contains
> > user email address, I should be able to locate client cert given this
> > info.
>
> > In other words, your suggestion is that we select the client cert
> > *for* the end user from the given subject info (such as the email
> > address), and the end user is not given the option to select his
> > cert. This way, we don't have to worry about polling the IE popup
> > dialog box, which you say is impossible.
>
> > Am I getting your idea?
>
> Yes that is roughly what I was thinking.
> If IE directly makes the SSL request (which you don't want because you can't
> intercept the certificate dialog) then it pops up its own cert-selection
> dialog.
> If your vbs makes the SSL GET request, then you have full control of poping
> a custom user cert selection or, as discussed above, you can find the cert
> for the client (since it should be simple in most cases). Then, withing vbs
> you can access the associatedprivatekeyand sign anything you wish like

> so:
> http://www.jensign.com/JavaScience/www/wsh/capicom/clientsign
> (note that this page uses a Java applet for MS JVM to access local file
> system so that part might not work but signing any field or the entire web
> html page will work).
>
> - Mitch- Hide quoted text -
>
> - Show quoted text -

OK, it looks like that I also need to get the CA public key from the
web application's SSL certificate.

Suppose the end user has a cert from Thawte, and a cert from VeriSign
and the web application's SSL cert is signed by VeriSign.

I need to select the right cert for the end user, right? So, some
info about the web app's SSL cert is needed in order to locate the
right client cert.

Do you agree?

Mitch Gallant

unread,
Apr 10, 2007, 11:43:58 AM4/10/07
to
<antony...@yahoo.com> wrote in message
news:1176216884.4...@e65g2000hsc.googlegroups.com...

No, the SSL certificate (and it's trusted issuer) is separate from the
client-cert and it's trust issuance.
They can be issued by different CA certs. Client code doesn't care about
that (for usage of client-cert for signing data).
- Mitch

antony...@yahoo.com

unread,
Apr 10, 2007, 12:11:57 PM4/10/07
to
On Apr 10, 10:43 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:
>

> > OK, it looks like that I also need to get the CA public key from the
> > web application's SSL certificate.
>
> > Suppose the end user has a cert from Thawte, and a cert from VeriSign
> > and the web application's SSL cert is signed by VeriSign.
>
> > I need to select the right cert for the end user, right? So, some
> > info about the web app's SSL cert is needed in order to locate the
> > right client cert.
>
> > Do you agree?
>
> No, the SSL certificate (and it's trusted issuer) is separate from the
> client-cert and it's trust issuance.
> They can be issued by different CA certs. Client code doesn't care about
> that (for usage of client-cert for signing data).
> - Mitch- Hide quoted text -
>
> - Show quoted text -

OK, I guess I did not make it clear.

I understand that the SSL cert of a web application is different from
a client cert, and this is exactly why I am having the question.

Again,

(1) suppose my web application's SSL cert is from VeriSign, and my web
application *only* accepts client certs signed by VeriSign.

(2) suppose a user of my web application has two certs, one from
Thawte and the other from VeriSign.

Question: Don't I have to select for the web user the client cert
issued by VeriSign in order for him/her to get authenticated?

And if the answer is yes, then the vbs programmer apparently needs to
know the signer's public key of the web application's SSL cert, in
order to select the right client cert for the web user.

You see my concern now? Thanks.

Mitch Gallant

unread,
Apr 10, 2007, 12:23:00 PM4/10/07
to
<antony...@yahoo.com> wrote in message
news:1176221517.1...@y5g2000hsa.googlegroups.com...

> On Apr 10, 10:43 am, "Mitch Gallant" <jensig...@community.nospam>
> wrote:
-- snip

> I understand that the SSL cert of a web application is different from
> a client cert, and this is exactly why I am having the question.
>
> Again,
>
> (1) suppose my web application's SSL cert is from VeriSign, and my web
> application *only* accepts client certs signed by VeriSign.
>
> (2) suppose a user of my web application has two certs, one from
> Thawte and the other from VeriSign.
>
> Question: Don't I have to select for the web user the client cert
> issued by VeriSign in order for him/her to get authenticated?
>

Obviously if the server is configured to require only client-certs issued by
a specific CA then the client must choose such a client cert (or you must
choose it for him programatically).


antony...@yahoo.com

unread,
Apr 10, 2007, 12:35:43 PM4/10/07
to
On Apr 10, 11:23 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:
> <antonyliu2...@yahoo.com> wrote in message

OK, great. So, the vbs programmer does have to extract the public key
from the web application's SSL cert, right?

Can we do the whole thing on the client side with vbs + CAPICOM API?

SelmaGüzel

unread,
May 7, 2010, 8:44:56 AM5/7/10
to
Hi,

I do need a c# example to get private key from usb token for digital signing.

I downloaded capicom 2 sdk and checked the samples; however I couldn't find what I exactly want.

Could you send a sample fro this to my email?
slm_...@hotmail.com

thanks in advance...

antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
01-Apr-07

On Mar 31, 3:37 pm, "antonyliu2...@yahoo.com"
<antonyliu2...@yahoo.com> wrote:

I have done some research about this. It looks like CAPICOM is the
thing I should use.

I have two questions for gurus who have experiences in CAPICOM about
the sample code listed at the following URL:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

/***********************************/
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "MY", _
CAPICOM_STORE_OPEN_READ_ONLY)
Signer.Certificate = MyStore.Certificates.Item(1)
/***********************************/

I think in my situation (see my first post in this thread), a cert
owner's private key is stored somewhere in Internet Explorer. So,

Q1: How can the VBScript code access the corresponding keystore? In
particular, what does "MY" mean in the above code? Can we name it
anything we like or is it a standard name of the keystore of the
current user?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

For those who are puzzled by this screen snapshot, it is a dialog box
Internet Explorer pops up when the web server requires client
authentication through digital certificates. The web application user
can then select the appropriate certificate and hit OK to submit it to
the web server.

Thank you very much.

Previous Posts In This Thread:

On Saturday, March 31, 2007 3:37 PM
antonyliu200 wrote:

How do we get the private key to do digital signature?
I've written a certification authority (CA). When my web users apply
for X.509 certificate from this CA, a VBScript generates within
Internet Explorer a public/private key pair and the Cert Signing
Request in PKCS#10 format. Such data are sent to the CA for a
certificate.

When the user tries to log into his online account, I would like to
let the client side digitally sign something (e.g., the user name or
email) with the user's private key and send it to my web application.

I assume that the public/private key pair is maintained by Internet
Explorer or the Windows system. But how do I get the user's private
key? I think this must be done with VBScript and the CryptoAPI. But
I have no idea where to start. Can you guys give me a hint?

Thank you so much!

AL

On Sunday, April 01, 2007 10:33 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
On Mar 31, 3:37 pm, "antonyliu2...@yahoo.com"
<antonyliu2...@yahoo.com> wrote:

I have done some research about this. It looks like CAPICOM is the
thing I should use.

I have two questions for gurus who have experiences in CAPICOM about
the sample code listed at the following URL:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

/***********************************/
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "MY", _
CAPICOM_STORE_OPEN_READ_ONLY)
Signer.Certificate = MyStore.Certificates.Item(1)
/***********************************/

I think in my situation (see my first post in this thread), a cert
owner's private key is stored somewhere in Internet Explorer. So,

Q1: How can the VBScript code access the corresponding keystore? In
particular, what does "MY" mean in the above code? Can we name it
anything we like or is it a standard name of the keystore of the
current user?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

For those who are puzzled by this screen snapshot, it is a dialog box
Internet Explorer pops up when the web server requires client
authentication through digital certificates. The web application user
can then select the appropriate certificate and hit OK to submit it to
the web server.

Thank you very much.

On Monday, April 02, 2007 3:13 AM
Kalle Olavi Niemitalo wrote:

Re: How do we get the private key to do digital signature?
"antony...@yahoo.com" <antony...@yahoo.com> writes:


The documentation of Store.Open and CertOpenSystemStore mentions this:

http://msdn2.microsoft.com/en-us/library/aa388130.aspx
"CAPICOM_MY_STORE My store. This store is used for a user's
personal certificates.

http://msdn2.microsoft.com/en-us/library/aa376560.aspx
"MY A certificate store that holds certificates
with associated private keys."

On Monday, April 02, 2007 12:31 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 2, 2:13 am, Kalle Olavi Niemitalo <k...@iki.fi> wrote:


Thank you so much for the links. They are absolutely helpful.

Anyone has a hint about my 2nd question, repeated below?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

For those who are puzzled by this screen snapshot, it is a dialog box
Internet Explorer pops up when the web server requires client
authentication through digital certificates. The web application user
can then select the appropriate certificate and hit OK to submit it to
the web server.

Thank you very much.

On Monday, April 02, 2007 12:48 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1175531495.8...@y66g2000hsf.googlegroups.com...
= snip


From CAPICOM, you can use:
MyStore.Certificates.Find(....)
http://msdn2.microsoft.com/en-us/library/aa376505.aspx
to return another Certificates object which matches the criterion you
specify.
e.g. with the FindType argument set at
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME,
you can enter the SubjectName string or a substring of it and the
Certificate object will turn one item.

- Mitch Gallant
MVP Security
www.jensign.com

On Monday, April 02, 2007 2:11 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:

Ha! Great. Thank you so much, Mitch. It looks like that I need to


have a good study of the MSDN CAPICOM documentation.

I am not good at VBScript. I will try to work on the VBScript code
for this purpose and see how it goes.

On Monday, April 02, 2007 3:33 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1175537465.8...@p77g2000hsh.googlegroups.com...

There are a number of smaller VBS with CAPICOM samples here:
http://www.jensign.com/JavaScience/www/wsh
and here:
http://www.jensign.com/JavaScience/cryptoutils

Also, the samples that come with CAPICOM installation at:
<instal-dir>\CAPICOM 2.1.0.1\samples\vbs
are quite useful.

- Mitch

On Monday, April 02, 2007 5:54 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 2, 2:33 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

Thank you so much. The site you referred to is really resourceful in
terms of cryptography. Let me peek around there and see if I can find
any snippet of code that exactly does what I want: sign a token using
the private key in VBScript.

On Monday, April 02, 2007 5:56 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 2, 2:33 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

Oh, btw, I thought you must know this, I've been polling the
openssl.users and openssl.dev groups with no luck.

One of the cert revocation reasons specified by RFC 3280 is Remove


from CRL (8). What does that mean? We request to have a cert revoked
for a reason called "Remove from CRL"? How does it make sense?

Thanks.

On Tuesday, April 03, 2007 1:25 AM
Kalle Olavi Niemitalo wrote:

Re: How do we get the private key to do digital signature?
"antony...@yahoo.com" <antony...@yahoo.com> writes:


According to RFC 3280 section 5.2.4, removeFromCRL is used in
delta CRLs and means the certificate was listed in a previous CRL
but now should no longer be listed. This is used in two
situations:

- The certificate was put on hold rather than fully revoked, and
was then taken off hold.

- The certificate was revoked but has then already expired, and
the CRL issuer wants to reduce the amount of data it has to
distribute. (Each CRL comes with a thisUpdate field that
indicates when it was issued, so users of the CRL can in
principle detect such expirations even if their local clocks
are not reliable.)

On Tuesday, April 03, 2007 4:34 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 3, 12:25 am, Kalle Olavi Niemitalo <k...@iki.fi> wrote:

Ha, thanks, I kept ctrl-f-ing the rfc 3280 document for removeFromCRL,
but could not find the info. Thank you so much. That really helps.
Let me go check it again and see if certificateHold has been
deprecated.

On Sunday, April 08, 2007 12:47 AM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@community.nospam>
wrote:

Hi, Mitch,

Thank you. I have started to look into the CAPICOM services. The MSDN
CAPICOM reference says:

Function Find( _
ByVal FindType As CAPICOM_CERTIFICATE_FIND_TYPE, _
[ ByVal varCriteria As Variant ], _
[ ByVal bFindValidOnly As Boolean ] _
) As Certificates

And exactly like what you said, we can retrieve a cert by find_type
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, and speicifying the
subject_name, for example, "John Doe".

But, in my situation, my web application requires client side
authentication through X.509 digital certificate. The web browswer
will popup a dialog box like the one below for the user to select his/
her cert and proceed.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Suppose the user selects "Hillary Clinton", how do I know in my

VBScript what has been selected? In other words, how do does the
VBScript code communicate with the IE popup dialog box?

On Sunday, April 08, 2007 3:24 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176007627.5...@p77g2000hsh.googlegroups.com...

I think you'd need to make the https (SSL) connection directly from your

VBSCript code using something similar to HTTPWebRequest. I think I did that

some time back .. can't remember. Search for that sort of COM object in vbs.
Should be similar to this .NET approach:

http://groups.google.com/group/microsoft.public.dotnet.security/browse_thread/thread/3e51cfef35c91770/8dfc5218aefcbcdf


where you add client certificates to the request before it is actually made.
- Mitch

On Monday, April 09, 2007 3:23 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 8, 2:24 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

OK, thanks for the hint. The .NET approach of yours handles cert
stuffs on the server side. I have done this in Java, like generating

x.509 certs, encrypting/decrypting with key pairs. But I have no clue


how a token (for example a short string) can be signed on the client
side, using either vbscript or javascript.

On Monday, April 09, 2007 3:31 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176146635.4...@o5g2000hsb.googlegroups.com...

That google link is .NET code for CLIENT selecting a cert to make https
client-auth connection ..
You can use CLINET vbs code with capicom (CAPICOM.SignedData object) to sign
anything you want to then POST to SSL server.
- Mitch

On Monday, April 09, 2007 4:07 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
On Apr 9, 2:31 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

Thx.

My existing client side script in VBScript can already send the


selected cert successfully to my web application. I will post the
script when I have access to my work station later today, so that you
can see how the selected cert is sent.

Maybe it is possible to modify the existing script in such a way that
I can get to know which cert has been selected.

AL

On Monday, April 09, 2007 4:11 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?
wrote:

For right now, my web application knows whose cert was submitted after
it parses the intercepted cert. I wish I could do this on the client
side.

On Monday, April 09, 2007 4:48 PM
Mitch Gallant wrote:

I don't think you can intercept the IE cert-selection dialog if IE initiates
I don't think you can intercept the IE cert-selection dialog if IE initiates
the SSL session with the server and invokes the client-authorization
cert-selection process. As I said earlier, you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL negotiatio
that way.

- Mitch

On Monday, April 09, 2007 7:52 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?

http://farm1.static.flickr.com/248/453147844_430f70367a_o.png

http://farm1.static.flickr.com/192/453147858_57d693694d_o.png

AL

On Monday, April 09, 2007 8:44 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176162759....@l77g2000hsb.googlegroups.com...

OK first of all, I'll reiterate that I have been able to do this from a
standalone .NET 1.1 client using basic code like this:

--------- .NET 1.1 snippet to connect to SSL server requiring

client-certificate authentication -----
X509Certificate jscert = X509Certificate.CreateFromCertFile(certfile);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.ClientCertificates.Add(jscert);
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
------------------------
and with .NET 2, you can use all the support for searching and finding
certificates (so you wouldn't need to use CAPICOM from .NET).

I think that you could use the WinHttpRequest COM object like so:

--- VBScript sample to connect to SSL server requiring client-cert
authentication --------
......


Dim HttpReq As Object
' Instantiate the WinHTTPRequest ActiveX Object.
Set HttpReq = New WinHttpRequest

' Open an HTTP connection.


HttpReq.Open "GET", "https://somesecureurl/", False

'Select a client certificate.


HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier
Certificate"

' Send the HTTP Request.
HttpReq.Send
-----------------------

check out MSDN docs on WinHttpRequest COM object (part of Windows HTTP
Services) at:
http://msdn2.microsoft.com/en-us/library/aa384106.aspx

- Mitch

On Monday, April 09, 2007 8:50 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?


Forgot to add this useful reference information:
"SSL in WinHTTP"
http://msdn2.microsoft.com/en-us/library/aa384076.aspx

On Monday, April 09, 2007 9:09 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 9, 7:44 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:


Thank you so much. My web application is developed in Java and runs
on Tomcat 6.0. So, I won't be able to use the .Net technology. That
said, I am interested in your vbs sample.

In your vbs sample, you have:

'Select a client certificate.
HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier
Certificate"

This sample code is also available at
http://msdn2.microsoft.com/en-us/library/aa384055.aspx

Unfortunately, these snippets of code over there all presuppose that
the vbs programmer knows which client certificate to use.

But, in my case, I do not know which certificate is selected unless I
can poll the IE popup dialog box through some API after the user
clicks "OK".

Am I following?

On Monday, April 09, 2007 9:14 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 9, 7:50 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

On this page, right above the sample code, it says:

"The following code example shows how to open a certificate store and
locate a certificate based on subject name .... "

Again, it assumes that the programmer knows the subject name of the
client cert, which is not true in my case.

On Monday, April 09, 2007 9:22 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176167665.2...@d57g2000hsg.googlegroups.com...

The doc for http indicates that if no cert is specified, then the first one
found will be used.
THere are some reasonable defaults. Again you can force a dialog on the user
to have him selecdt a cert (e.g. with CAPICOM via vbs) and then use that one
in the vbs SSL negotiation.
Again, there is no way to intersept the IE dialog from script.
- Mitch

On Monday, April 09, 2007 9:26 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176167340....@b75g2000hsg.googlegroups.com...

Yes, but read the default settings on SetClientCertificate in the docs
there.
If IE finds more than one valid cert (for SSL authentication purposes) it
pops a dialog.
You will need to pop a dialog on your client, or else code searching his MY
certs store for one with the necessary client-authenticadtion attributes and
if more than one, pop a vb dialog on them.
You have some more coding to do to achieve what IE does.
- Mitch

On Monday, April 09, 2007 9:44 PM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 9, 8:26 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

The popup dialog shown at the following URL

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

is exactly on the client side with IE. So, I think you are suggesting
that I do

(1) initiate the https request from vbs like in the example you showed
as follows:

' Open an HTTP connection.
HttpReq.Open "GET", "https://somesecureurl/", False

This will presumably prevent IE from popping up the dialog box.

(2) then in my vbs code, I search the key store, and find the


corresponding client certificate and submit it. Well, since the user
will enter his email on my login page, and the certificate contains
user email address, I should be able to locate client cert given this
info.

In other words, your suggestion is that we select the client cert
*for* the end user from the given subject info (such as the email
address), and the end user is not given the option to select his
cert. This way, we don't have to worry about polling the IE popup
dialog box, which you say is impossible.

Am I getting your idea?

On Monday, April 09, 2007 10:04 PM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176169462.3...@d57g2000hsg.googlegroups.com...

Yes that is roughly what I was thinking.
If IE directly makes the SSL request (which you don't want because you can't
intercept the certificate dialog) then it pops up its own cert-selection
dialog.
If your vbs makes the SSL GET request, then you have full control of poping
a custom user cert selection or, as discussed above, you can find the cert
for the client (since it should be simple in most cases). Then, withing vbs

you can access the associated private key and sign anything you wish like

so:
http://www.jensign.com/JavaScience/www/wsh/capicom/clientsign
(note that this page uses a Java applet for MS JVM to access local file
system so that part might not work but signing any field or the entire web
html page will work).

- Mitch

On Tuesday, April 10, 2007 10:54 AM
antonyliu200 wrote:

Re: How do we get the private key to do digital signature?


On Apr 9, 9:04 pm, "Mitch Gallant" <jensig...@community.nospam> wrote:

OK, it looks like that I also need to get the CA public key from the
web application's SSL certificate.

Suppose the end user has a cert from Thawte, and a cert from VeriSign
and the web application's SSL cert is signed by VeriSign.

I need to select the right cert for the end user, right? So, some
info about the web app's SSL cert is needed in order to locate the
right client cert.

Do you agree?

On Tuesday, April 10, 2007 11:43 AM
Mitch Gallant wrote:

Re: How do we get the private key to do digital signature?
<antony...@yahoo.com> wrote in message
news:1176216884.4...@e65g2000hsc.googlegroups.com...

No, the SSL certificate (and it's trusted issuer) is separate from the
client-cert and it's trust issuance.
They can be issued by different CA certs. Client code doesn't care about
that (for usage of client-cert for signing data).
- Mitch

On Friday, May 07, 2010 8:43 AM
Selma G?zel wrote:

c# code sample for capicom2 dll
Hi,

I do need a c# example to get private key from usb token for digital signing.

I downloaded capicom 2 sdk and checked the samples; however I couldn't find what I exactly want.

Could you send a sample fro this to my email?
slm_...@hotmail.com

thanks in advance...


Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Report Engine, Part 4
http://www.eggheadcafe.com/tutorials/aspnet/5ac799db-385f-431a-8a45-8b37cb7f3186/wpf-report-engine-part-4.aspx

SelmaGüzel

unread,
May 7, 2010, 8:45:47 AM5/7/10
to
Hi,

thanks in advance...

antonyliu200 wrote:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

Thank you so much!

AL

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

- Mitch

Hi, Mitch,

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thx.

AL

- Mitch

http://farm1.static.flickr.com/248/453147844_430f70367a_o.png

http://farm1.static.flickr.com/192/453147858_57d693694d_o.png

AL

- Mitch

Am I following?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

- Mitch

Do you agree?

thanks in advance...

On Friday, May 07, 2010 8:44 AM
Selma G?zel wrote:

c# code sample for capicom2 dll
Hi,

I do need a c# example to get private key from usb token for digital signing.

I downloaded capicom 2 sdk and checked the samples; however I couldn't find what I exactly want.

Could you send a sample fro this to my email?
slm_...@hotmail.com

thanks in advance...


Submitted via EggHeadCafe - Software Developer Portal of Choice

Using VSTO Add-In To Automate Frequent Excel 2007 Tasks
http://www.eggheadcafe.com/tutorials/aspnet/ff2d1d4b-aedf-4d14-9e60-39a86ccab5d6/using-vsto-addin-to-auto.aspx

SelmaGüzel

unread,
May 7, 2010, 8:43:58 AM5/7/10
to
Hi,

thanks in advance...

antonyliu200 wrote:

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

Thank you so much!

AL

http://msdn2.microsoft.com/en-us/library/aa387760.aspx

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thank you very much.

- Mitch

Hi, Mitch,

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Thx.

AL

- Mitch

http://farm1.static.flickr.com/248/453147844_430f70367a_o.png

http://farm1.static.flickr.com/192/453147858_57d693694d_o.png

AL

- Mitch

Am I following?

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

- Mitch

Do you agree?

Submitted via EggHeadCafe - Software Developer Portal of Choice

Free Online Courses Available for Eggheadcafe.com Users
http://www.eggheadcafe.com/tutorials/aspnet/5261083e-6e03-4b25-8728-fc3cf6855293/free-online-courses-avail.aspx

0 new messages