How can I export Certificates with private key from the System Certstore

Ilhami

Feb 14, 2002, 6:13:19 AM
Hi,

I want to export certificates with private keys into a pfx file.
But when I have a certificate with the option 'private key not exportable',
the function PFXExportCertStoreEx returns FALSE.
How can I export all certificates with the option 'private key exportable' into
a file?


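/* open the current user's MY (personal) system store */
hSystemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
                             CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
...
/* export the whole store, private keys included, into Save_Store_Blob */
PFXExportCertStoreEx(hSystemStore, &Save_Store_Blob, lpcwszPasswd, NULL,
                     EXPORT_PRIVATE_KEYS);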


Thanx

Ilhami


Daniel Sie [MS]

Feb 20, 2002, 4:52:12 PM
If the key is not marked EXPORTABLE, you simply can't export it. However,
you can still export the cert. To do this using
PFXExportCertStoreXX, make sure you don't pass the
REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY flag.

What OS did you try this on?

--
Daniel Sie [MS]

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ilhami" <ilhami...@web.de> wrote in message
news:a4g5c4$mt...@news-1.bank.dresdner.net...

Michel Gallant

Mar 25, 2002, 4:48:40 PM
I have tried this, using only the EXPORT_PRIVATE_KEYS flag, but it
does not seem to work. I get:
8009000bh: Key not valid for use in specified state.

I have a MY store with several certs, some having private exportable keys,
some not. I gather that PFXExportCertStoreEx is designed to export ALL the
certs and keys in one shot, so this function must iterate through the
specified cert store in some way?

How do I target ONE specific key/cert to export (like the manual Export process
from within IE security panels) into a pfxblob with this function, or must I do
this manually?

Thanks,
- Mitch Gallant

Daniel Sie [MS]

Mar 26, 2002, 9:30:36 PM
Yes. The function is designed to export the entire store. If you want to
export only a particular cert, you should transfer the CERT_CONTEXT to a
temporary memory store first, and then export the memory store.

What flag did you pass to the function? Do you use
REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY?
--
Daniel Sie [MS]

This posting is provided "AS IS" with no warranties, and confers no rights.


"Michel Gallant" <neu...@istar.ca> wrote in message
news:3C9F9B38...@istar.ca...

Michel Gallant

Mar 26, 2002, 11:56:35 PM
Yes, I tried all combinations of the flags. I was able to export to pfx when the
cert was in a store by itself, however, as you state below.
Thanks,
- Mitch

news.turunet.com

Mar 28, 2002, 11:47:17 PM
I was able to export to a pfxblob with the PFXExportCertStoreEx function,
but I don't know how I can create a file (e.g., "sample.PFX").

If that byte buffer is saved as a pfx file, an error occurs when the file is
double-clicked.

I'd like to make a file that installs itself when I double-click it.

How can I make this file?
If anyone has sample code, please send it to me.


"Michel Gallant" <neu...@istar.ca> wrote in message

news:3CA15103...@istar.ca...

Michel Gallant

Mar 28, 2002, 11:58:19 PM
You can simply write pfxBlob.pbData to a binary output file. Here is
the 2nd call to PFXExportCertStoreEx that I use (where FileBinout()
is a simple custom fileout binary function):

/* 2nd call: pfxBlob.pbData already points to a buffer of pfxBlob.cbData
   bytes, the size returned by the 1st call made with pbData == NULL */
if (PFXExportCertStoreEx(hSystemStoreHandle, &pfxBlob, L"xxxxxxxxx",
                         NULL, EXPORT_PRIVATE_KEYS)) {
    printf("%lu bytes read into buffer for pfx blob\n", pfxBlob.cbData);
    printf("Writing pfx file for this certificate store ...\n");
    /* FileBinout() is the poster's own helper: writes cbData bytes to the file */
    FileBinout("migpk12.pfx", pfxBlob.cbData, pfxBlob.pbData);
}

The output pfx (pkcs#12) file when double-clicked then should invoke
the standard crypto import dialog (worked for me).

- Mitch

Michel Gallant

Apr 12, 2002, 3:29:22 PM
I have done this by expanding on the demo at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/example_c_program_certificate_store_operations.asp

to use the PFXExportCertStoreEx function on the memory store after only one
certificate context is transferred to the memory store.
This works for all certificates except for the one that has the
private key marked as "not exportable" as seen in the IE GUI security panels.
I use the call:
PFXExportCertStoreEx(hMemoryStore, &pfxBlob, L"", NULL, EXPORT_PRIVATE_KEYS)
which should work in all cases, right? (for no private key, or if private key is not exportable).

Michel Gallant

May 16, 2002, 11:12:39 AM
Capicom 2 makes exporting filtered certificate collections (to pfx or public cert files)
very easy to implement using functions like:
Certificates.Save CertFile, Password, SaveAs, ExportFlag
The Capicom 2b sample "Cstore.vbs" script provides very nice documentation of how
the calls work (until we have the pleasure of seeing the full documentation :-)
- Mitch
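
Added example, not written by any poster in this thread: the per-certificate export discussed above (one certificate at a time, so a single non-exportable key cannot fail the whole run), done from PowerShell with the .NET X509Certificate2 class instead of the CryptoAPI calls quoted in the posts. The function name Export-ExportableCert and its parameters are assumptions made for this example.

```powershell
# Added example: export each certificate in CurrentUser\My whose private key
# is exportable into its own password-protected PFX, and report the rest.
function Export-ExportableCert {
    param(
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string] $OutDir      # caller-chosen output folder
    )
    # Resolve to a full path: .NET file APIs ignore the PowerShell location.
    $OutDir  = (New-Item -ItemType Directory -Path $OutDir -Force).FullName
    $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx

    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        $result = [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Status     = ''
            File       = $null
        }
        if (-not $cert.HasPrivateKey) {
            $result.Status = 'skipped: no private key'
        }
        else {
            try {
                # One certificate per export, the same isolation the thread gets
                # by copying a single context into a temporary memory store.
                $bytes = $cert.Export($pfxType, $Password)
                $file  = Join-Path $OutDir ($cert.Thumbprint + '.pfx')
                [System.IO.File]::WriteAllBytes($file, $bytes)
                [Array]::Clear($bytes, 0, $bytes.Length)   # wipe key material
                $result.Status = 'exported'
                $result.File   = $file
            }
            catch {
                # A key not marked exportable makes Export throw; record the
                # reason and continue with the next certificate.
                $result.Status = 'skipped: ' + $_.Exception.Message
            }
        }
        $result
    }
}

# Usage: prompts for the PFX password and prints one row per certificate.
Export-ExportableCert -Password (Read-Host 'PFX password' -AsSecureString) `
    -OutDir .\pfx-export | Format-Table -AutoSize
```

The resulting .pfx files hold private keys, so the output folder should be readable only by the exporting user.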