Tokyosan

Hello guys,

Microsoft says "new API, implemented in CertEnroll.dll starting with
Windows Vista, replaces Xenroll.dll which has been deprecated and is no
longer contained in Windows."

You can find the API reference at
http://msdn2.microsoft.com/en-gb/library/aa374863.aspx

Now, does anyone know the class ID or API that can be used by
JavaScript in Internet Explorer to generate a key pair (in IE) and PKCS10 in Vista?

The code which used to do the job in Win2000, XP and 2003 Server no longer
works because it uses the Xenroll cab, which is deprecated in Vista.

Any help is greatly appreciated.




Re: Security for Applications in Windows Vista CertEnroll.dll vs XEnroll.dll

dchawla

IX509PrivateKey *pPrivateKey;
If you just want to specify the CSP by name, then that's all you need to do:

BSTR strProvName = SysAllocString(L"<CSP name>");

hr = pPrivateKey->put_ProviderName(strProvName);

You can then optionally set the Length, Container Name, KeyProtection and KeySpec if you like.

There's no need to set the container name before creating a new key.

You can set the provider type if you want, but that is optional (I believe it is ignored if it is wrong - we figure out the correct value).

If you set put_Existing to VARIANT_TRUE, then call hr = pPrivateKey->Open();

If you set put_Existing to VARIANT_FALSE, then call hr = pPrivateKey->Create();

To create a new key with this CSP and all other default values, it should suffice to make two calls:

pPrivateKey->put_ProviderName(strProvName);

pPrivateKey->Create();

From certenroll.idl/h:
HRESULT InitializeFromPrivateKey(
[in] X509CertificateEnrollmentContext Context,
[in] IX509PrivateKey *pPrivateKey,
[in] BSTR strTemplateName); // OPTIONAL

hr = p10->InitializeFromPrivateKey(certEnrollContext,pri,bstrDN);

If you pass the template name, we expect the caller is on the domain with access to template information.
Try
hr = p10->InitializeFromPrivateKey(certEnrollContext,pri,NULL);
Use p10->put_Subject(xxx) for the subject name.





Re: Security for Applications in Windows Vista CertEnroll.dll vs XEnroll.dll

MukilanP

Hi friends,

XEnrollObj.UseExistingKeySet = true;

The above is the code using XEnroll. What is the corresponding property name/statement in CertEnroll?

Regards,

Mukilan





Re: Security for Applications in Windows Vista CertEnroll.dll vs XEnroll.dll

ersin karadol

Did anyone find a solution for this problem? Our code is written in ASP, not "ASP.NET", and we face the same problem.



Re: Security for Applications in Windows Vista CertEnroll.dll vs XEnroll.dll

V.A.

Hello all,

Any progress on this post?

It would be great to see some example in JavaScript.





Re: Security for Applications in Windows Vista CertEnroll.dll vs XEnroll.dll

Matra

From:

http://msdn2.microsoft.com/en-gb/library/bb427431(VS.85).aspx

UseExistingKeySet

The UseExistingKeySet function defined in Xenroll.dll specifies or retrieves a Boolean value that indicates whether to use existing keys.

When using CertEnroll.dll, you can call the InitializeFromCertificate method on an IX509CertificateRequestPkcs10 object and specify a value of the X509RequestInheritOptions enumeration type to reuse existing private and public keys.

Regards,

Matej
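
The call sequence dchawla describes (provider name, Create or Open, InitializeFromPrivateKey with no template, then the subject), written as script. This is an added example, not code from any poster in this thread: `createObject`, the `opts` field names and the 2048-bit minimum are assumptions of the example, while the ProgIDs and constant values are CertEnroll's own.

```javascript
// Added example, not code from the thread. CertEnroll constants (certenroll.h):
var ContextUser = 1;                          // X509CertificateEnrollmentContext
var XCN_CERT_NAME_STR_NONE = 0;               // X500NameFlags
var XCN_CRYPT_STRING_BASE64REQUESTHEADER = 3; // EncodingType

// createObject(progId) is a hypothetical hook that returns a CertEnroll COM
// object, e.g. a wrapper around IX509EnrollmentWebClassFactory.CreateObject
// in an IE page. The opts names (provider, length, subject,
// existingContainer) are this example's own, not CertEnroll's.
function buildPkcs10(createObject, opts) {
  var length = opts.length || 2048;
  if (length < 2048) {
    // Policy chosen for this example: do not generate short RSA keys.
    throw new Error("refusing RSA key shorter than 2048 bits");
  }

  var key = createObject("X509Enrollment.CX509PrivateKey");
  key.ProviderName = opts.provider;           // put_ProviderName
  if (opts.existingContainer) {
    // Reuse a key set: put_Existing(VARIANT_TRUE), then Open()
    key.ContainerName = opts.existingContainer;
    key.Existing = true;
    key.Open();
  } else {
    // New key: put_Existing(VARIANT_FALSE), then Create()
    key.Length = length;
    key.Existing = false;
    key.Create();
  }

  var p10 = createObject("X509Enrollment.CX509CertificateRequestPkcs10");
  // Empty template name: no domain template lookup is attempted
  p10.InitializeFromPrivateKey(ContextUser, key, "");

  var dn = createObject("X509Enrollment.CX500DistinguishedName");
  dn.Encode(opts.subject, XCN_CERT_NAME_STR_NONE);
  p10.Subject = dn;                           // put_Subject

  var enroll = createObject("X509Enrollment.CX509Enrollment");
  enroll.InitializeFromRequest(p10);
  // Base64 PKCS#10 wrapped in BEGIN/END NEW CERTIFICATE REQUEST lines
  return enroll.CreateRequest(XCN_CRYPT_STRING_BASE64REQUESTHEADER);
}
```

The private key stays in the CSP container; only the base64 request string returned by `buildPkcs10` is meant to be submitted to the CA.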