
CryptMsgControl(...,CMSG_CTRL_ADD_SIGNER,...) return error: NTE_PERM (0x80090010)


Slawomir Marciniak

Apr 20, 2001, 11:31:28 AM
I use CryptMsgControl(...,CMSG_CTRL_ADD_SIGNER,...) to add the next signature
to an already PKCS7-signed message.
Everything works correctly only on Windows 2000. On others (NT4/Win98)
CryptMsgControl returns the error NTE_PERM.

Any suggestions?

Slawomir Marciniak
SUNTECH Sp. z o.o.

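Sample
The existing msg is opened by CryptMsgOpenToDecode.

    #include <windows.h>
    #include <wincrypt.h>

    // CryptAllocAndEncode and FreeBlobData are helpers whose definitions
    // are not shown in the post.
    BOOL AddSignToMessage(PCCERT_CONTEXT pCert, HCRYPTMSG hMsg,
                          PCERT_BLOB pSignedMsg, DWORD dwFlags)
    {
        CMSG_SIGNER_ENCODE_INFO SignerEncodeInfo;
        ZeroMemory(&SignerEncodeInfo, sizeof(CMSG_SIGNER_ENCODE_INFO));
        BOOL bCallerFreeProv;
        HCRYPTPROV hProv = 0;
        DWORD dwKeySpec = 0;

        // Get the CSP handle and key spec for the certificate's private key.
        // With CRYPT_ACQUIRE_CACHE_FLAG the handle is cached on the certificate
        // context and bCallerFreeProv comes back FALSE, so it is not released here.
        if (!CryptAcquireCertificatePrivateKey(
                pCert,
                CRYPT_ACQUIRE_CACHE_FLAG,
                NULL,
                &hProv,
                &dwKeySpec,
                &bCallerFreeProv))
        {
            return FALSE;
        }

        // Describe the new signer: certificate, key and hash algorithm.
        SignerEncodeInfo.cbSize = sizeof(CMSG_SIGNER_ENCODE_INFO);
        SignerEncodeInfo.pCertInfo = pCert->pCertInfo;
        SignerEncodeInfo.hCryptProv = hProv;
        SignerEncodeInfo.dwKeySpec = dwKeySpec;
        SignerEncodeInfo.HashAlgorithm.pszObjId = szOID_RSA_MD5;
        SignerEncodeInfo.pvHashAuxInfo = NULL;

        // Attach the current time as an authenticated signingTime attribute.
        FILETIME ft;
        GetSystemTimeAsFileTime(&ft);
        CRYPT_ATTR_BLOB cablob = {0, NULL};
        CRYPT_ATTRIBUTE ca = {szOID_RSA_signingTime, 1, &cablob};

        if (CryptAllocAndEncode(szOID_RSA_signingTime, (LPVOID)&ft, &cablob))
        {
            SignerEncodeInfo.cAuthAttr = 1;
            SignerEncodeInfo.rgAuthAttr = &ca;
        }

        // Add the signer to the opened message; this is the call that
        // returns NTE_PERM.
        if (!CryptMsgControl(
                hMsg,
                0,
                CMSG_CTRL_ADD_SIGNER,
                &SignerEncodeInfo))
        {
            FreeBlobData(&cablob);
            return FALSE;
        }
        FreeBlobData(&cablob);

        // Add the signer's certificate to the message's certificate list.
        CERT_BLOB CertBlob = {pCert->cbCertEncoded, pCert->pbCertEncoded};
        if (!CryptMsgControl(
                hMsg,
                0,
                CMSG_CTRL_ADD_CERT,
                &CertBlob))
        {
            return FALSE;
        }
        return TRUE;
    }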

Carlos Lopez

Apr 20, 2001, 7:34:22 PM
The problem may be the hMsg handle that you're passing to your
AddSignToMessage function. When calling CryptMsgOpenToDecode make sure you
pass in an HCRYPTPROV handle.

thanks
Carlos


Slawomir Marciniak

Apr 21, 2001, 7:36:14 AM
This occurs only if the hash algorithm is the same as the one used for the
first signature.
For the hash algorithm, szOID_OIWSEC_sha1 or szOID_RSA_MD5 can be used in any
order, but the same algorithm can't be used for both signatures.
I have not tried what happens on a third signing.

Slawomir Marciniak
SUNTECH Sp. z o.o.

User "Slawomir Marciniak" <sla...@suntech.com.pl> wrote in message
news:#d1x57ayAHA.2196@tkmsftngp02...

Slawomir Marciniak

Apr 21, 2001, 7:50:14 AM
Forgive me. In reality I use CryptQueryObject to open the HCRYPTMSG.

CryptQueryObject opens a message in any format, so I prefer to use it
instead of CryptMsgOpenToDecode.

This occurs only if the hash algorithm is the same as the one used for the
first signature.
For the hash algorithm, szOID_OIWSEC_sha1 or szOID_RSA_MD5 can be used in any
order, but the same algorithm can't be used for both signatures.
I have not tried what happens on adding a third signature.

Thank you

Slawomir Marciniak
SUNTECH Sp. z o.o.


User "Carlos Lopez" <nospam...@microsoft.com> wrote in message
news:uqkvuJfyAHA.1276@tkmsftngp03...
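
The thread reports that on NT4/Win98 the second signer fails only when it reuses a hash algorithm already present in the message, so it helps to know which digest algorithms a message lists before choosing HashAlgorithm.pszObjId. The following is an added example, not code from the thread or from CryptoAPI: a portable C check that walks the DER of a PKCS #7 SignedData and reports whether a given hash OID appears in its digestAlgorithms set. The function names, OID byte arrays and sample message are constructed for this illustration, and it assumes definite-length DER (BER indefinite-length input is reported as malformed).

```c
#include <stdint.h>
#include <string.h>

static const uint8_t OID_SIGNED_DATA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
const uint8_t OID_MD5[]  = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05}; /* szOID_RSA_MD5 */
const uint8_t OID_SHA1[] = {0x2B,0x0E,0x03,0x02,0x1A};                /* szOID_OIWSEC_sha1 */
const uint8_t SAMPLE_P7[] = {   /* constructed sample: lists MD5 only, no signers */
    0x30,0x31, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, 0xA0,0x24, 0x30,0x22, 0x02,0x01,0x01,
    0x31,0x0E, 0x30,0x0C, 0x06,0x08,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, 0x05,0x00,
    0x30,0x0B, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01, 0x31,0x00 };

/* Enter the DER element with tag `want` at *p: moves *p to its value and
   returns the end of that value, or NULL if the input is malformed. */
static const uint8_t *der_enter(const uint8_t **p, const uint8_t *end, uint8_t want)
{
    size_t n, k;
    if (end - *p < 2 || *(*p)++ != want) return NULL;
    n = *(*p)++;
    if (n & 0x80) {                          /* long form: next k bytes hold the length */
        k = n & 0x7F;
        if (k == 0 || k > 4 || (size_t)(end - *p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *(*p)++;
    }
    return (size_t)(end - *p) < n ? NULL : *p + n;
}

/* 1 if the SignedData's digestAlgorithms set lists `oid`, 0 if not, -1 if malformed. */
int p7_has_digest(const uint8_t *p, size_t size, const uint8_t *oid, size_t oidlen)
{
    const uint8_t *end = p + size, *e;
    if (!(end = der_enter(&p, end, 0x30))) return -1;             /* ContentInfo */
    if (!(e = der_enter(&p, end, 0x06)) || (size_t)(e - p) != sizeof OID_SIGNED_DATA ||
        memcmp(p, OID_SIGNED_DATA, sizeof OID_SIGNED_DATA) != 0) return -1;
    p = e;                                                        /* contentType was signedData */
    if (!(end = der_enter(&p, end, 0xA0))) return -1;             /* [0] EXPLICIT wrapper */
    if (!(end = der_enter(&p, end, 0x30))) return -1;             /* SignedData */
    if (!(e = der_enter(&p, end, 0x02))) return -1;               /* version */
    p = e;
    if (!(end = der_enter(&p, end, 0x31))) return -1;             /* digestAlgorithms SET */
    while (p < end) {
        const uint8_t *alg_end = der_enter(&p, end, 0x30);        /* AlgorithmIdentifier */
        if (!alg_end || !(e = der_enter(&p, alg_end, 0x06))) return -1;
        if ((size_t)(e - p) == oidlen && memcmp(p, oid, oidlen) == 0) return 1;
        p = alg_end;
    }
    return 0;
}
```

Calling p7_has_digest on the encoded message once with OID_MD5 and once with OID_SHA1 shows which of the two hash algorithms named in the thread the message already uses.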
