internal static SafeCspHandle AcquireCsp(string keyContainer, string providerName, ProviderType providerType, CryptAcquireContextFlags flags) { Contract.Assert(keyContainer == null, "Key containers are not supported"); // Specifying both verify context (for an ephemeral key) and machine keyset (for a persisted machine key) // does not make sense. Additionally, Widows is beginning to lock down against uses of MACHINE_KEYSET // (for instance in the app container), even if verify context is present. Therefore, if we're using // an ephemeral key, strip out MACHINE_KEYSET from the flags. if (((flags & CryptAcquireContextFlags.VerifyContext) == CryptAcquireContextFlags.VerifyContext) && ((flags & CryptAcquireContextFlags.MachineKeyset) == CryptAcquireContextFlags.MachineKeyset)) { flags &= ~CryptAcquireContextFlags.MachineKeyset; } SafeCspHandle cspHandle = null; if (!UnsafeNativeMethods.CryptAcquireContext(out cspHandle, keyContainer, providerName, providerType, flags)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } return(cspHandle); }
internal static SafeCspHandle AcquireCsp(string keyContainer, string providerName, ProviderType providerType, CryptAcquireContextFlags flags, bool throwPlatformException) { Contract.Ensures(Contract.Result <SafeCspHandle>() != null && !Contract.Result <SafeCspHandle>().IsInvalid&& !Contract.Result <SafeCspHandle>().IsClosed); SafeCspHandle cspHandle = null; if (!UnsafeNativeMethods.CryptAcquireContext(out cspHandle, keyContainer, providerName, providerType, flags)) { // If the platform doesn't have the specified CSP, we'll either get a ProviderTypeNotDefined // or a KeysetNotDefined error depending on the CAPI version. int error = Marshal.GetLastWin32Error(); if (throwPlatformException && (error == (int)CapiNative.ErrorCode.ProviderTypeNotDefined || error == (int)CapiNative.ErrorCode.KeysetNotDefined)) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } else { throw new CryptographicException(error); } } return(cspHandle); }
public static void DeleteKeyContainer(SafeCertContextHandle pCertContext) { if (pCertContext.IsInvalid) { return; } int cb = 0; bool containsPrivateKey = Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, null, ref cb); if (!containsPrivateKey) { return; } byte[] provInfoAsBytes = new byte[cb]; if (!Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, provInfoAsBytes, ref cb)) { return; } unsafe { fixed(byte *pProvInfoAsBytes = provInfoAsBytes) { CRYPT_KEY_PROV_INFO *pProvInfo = (CRYPT_KEY_PROV_INFO *)pProvInfoAsBytes; string providerName = pwszToString((IntPtr)(pProvInfo->pwszProvName)); string keyContainerName = pwszToString((IntPtr)(pProvInfo->pwszContainerName)); if (pProvInfo->dwProvType == 0) { // dwProvType being 0 indicates that the key is stored in CNG. // dwProvType being non-zero indicates that the key is stored in CAPI. try { using (CngKey cngKey = CngKey.Open(keyContainerName, new CngProvider(providerName))) { cngKey.Delete(); } } catch (CryptographicException) { // While leaving the file on disk is undesirable, an inability to perform this cleanup // should not manifest itself to a user. } } else { CryptAcquireContextFlags flags = (pProvInfo->dwFlags & CryptAcquireContextFlags.CRYPT_MACHINE_KEYSET) | CryptAcquireContextFlags.CRYPT_DELETEKEYSET; IntPtr hProv; bool success = Interop.cryptoapi.CryptAcquireContext(out hProv, keyContainerName, providerName, pProvInfo->dwProvType, flags); // Called CryptAcquireContext solely for the side effect of deleting the key containers. When called with these flags, no actual // hProv is returned (so there's nothing to clean up.) Debug.Assert(hProv == IntPtr.Zero); } } } }
public static extern bool CryptAcquireContext ( [param: Out] out NCryptKeyOrCryptProviderSafeHandle phProv, [param: In, MarshalAs(UnmanagedType.LPTStr)] string pszContainer, [param: In, MarshalAs(UnmanagedType.LPTStr)] string pszProvider, [param: In, MarshalAs(UnmanagedType.U4)] ProviderType dwProvType, [param: In, MarshalAs(UnmanagedType.U4)] CryptAcquireContextFlags dwFlags );
public static void DeleteKeyContainer(SafeCertContextHandle pCertContext) { if (pCertContext.IsInvalid) { return; } int cb = 0; bool containsPrivateKey = Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, null, ref cb); if (!containsPrivateKey) { return; } byte[] provInfoAsBytes = new byte[cb]; if (!Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, provInfoAsBytes, ref cb)) { return; } unsafe { fixed(byte *pProvInfoAsBytes = provInfoAsBytes) { CRYPT_KEY_PROV_INFO *pProvInfo = (CRYPT_KEY_PROV_INFO *)pProvInfoAsBytes; // For UWP the key was opened in a CNG-only context, so it can/should be deleted via CngKey.Delete. // In all other contexts, the key was loaded into CAPI, so deleting it via CryptAcquireContext is // the correct action. #if NETNATIVE string providerName = Marshal.PtrToStringUni((IntPtr)(pProvInfo->pwszProvName)); string keyContainerName = Marshal.PtrToStringUni((IntPtr)(pProvInfo->pwszContainerName)); try { using (CngKey cngKey = CngKey.Open(keyContainerName, new CngProvider(providerName))) { cngKey.Delete(); } } catch (CryptographicException) { // While leaving the file on disk is undesirable, an inability to perform this cleanup // should not manifest itself to a user. } #else CryptAcquireContextFlags flags = (pProvInfo->dwFlags & CryptAcquireContextFlags.CRYPT_MACHINE_KEYSET) | CryptAcquireContextFlags.CRYPT_DELETEKEYSET; IntPtr hProv; bool success = Interop.advapi32.CryptAcquireContext(out hProv, pProvInfo->pwszContainerName, pProvInfo->pwszProvName, pProvInfo->dwProvType, flags); // Called CryptAcquireContext solely for the side effect of deleting the key containers. When called with these flags, no actual // hProv is returned (so there's nothing to clean up.) Debug.Assert(hProv == IntPtr.Zero); #endif } } }
public static extern bool CryptAcquireContext( out IntPtr prov, [MarshalAs(UnmanagedType.LPTStr)] string container, [MarshalAs(UnmanagedType.LPTStr)] string provider, [MarshalAs(UnmanagedType.U4)] CryptProviderType provType, [MarshalAs(UnmanagedType.U4)] CryptAcquireContextFlags flags);
ProviderHandle GetProviderHandle(CryptAcquireContextFlags flags) { ProviderHandle providerHandle; if (CryptAcquireContext(out providerHandle, Name, Provider.Name, Provider.ProviderType.Id, flags) == false) { throw new Win32Exception(); } return(providerHandle); }
public static void DeleteKeyContainer(SafeCertContextHandle pCertContext) { if (pCertContext.IsInvalid) { return; } int cb = 0; bool containsPrivateKey = Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, null, ref cb); if (!containsPrivateKey) { return; } byte[] provInfoAsBytes = new byte[cb]; if (!Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, provInfoAsBytes, ref cb)) { return; } unsafe { fixed(byte *pProvInfoAsBytes = provInfoAsBytes) { CRYPT_KEY_PROV_INFO * pProvInfo = (CRYPT_KEY_PROV_INFO *)pProvInfoAsBytes; CryptAcquireContextFlags flags = (pProvInfo->dwFlags & CryptAcquireContextFlags.CRYPT_MACHINE_KEYSET) | CryptAcquireContextFlags.CRYPT_DELETEKEYSET; IntPtr hProv; bool success = Interop.advapi32.CryptAcquireContext(out hProv, pProvInfo->pwszContainerName, pProvInfo->pwszProvName, pProvInfo->dwProvType, flags); // Called CryptAcquireContext solely for the side effect of deleting the key containers. When called with these flags, no actual // hProv is returned (so there's nothing to clean up.) Debug.Assert(hProv == IntPtr.Zero); } } }
public static extern bool CryptAcquireContext(out IntPtr psafeProvHandle, [MarshalAs(UnmanagedType.LPWStr)] string pszContainer, [MarshalAs(UnmanagedType.LPWStr)] string pszProvider, int dwProvType, CryptAcquireContextFlags dwFlags);
public static extern bool CryptAcquireContext( out IntPtr phProv, string szContainer, string szProvider, int dwProvType, CryptAcquireContextFlags dwFlags);
public static unsafe extern bool CryptAcquireContext(out IntPtr psafeProvHandle, char* pszContainer, char* pszProvider, int dwProvType, CryptAcquireContextFlags dwFlags);
private static void Main(string[] args) { SafeHCRYPTPROV hProv = null; SafeHCRYPTKEY hPubKey = null; string szCertificateName = default; string szStoreName = default; string szContainerName = default; var dwOpenFlags = CertStoreFlags.CERT_SYSTEM_STORE_CURRENT_USER; CryptAcquireContextFlags dwAcquireFlags = 0; var dwKeySpec = CertKeySpec.AT_SIGNATURE; ALG_ID AlgId; if (args.Length != 8) { PrintUsage(); return; } try { // Determine hash algorithm if (StringComparer.InvariantCultureIgnoreCase.Compare(args[0], "sha1") == 0) { AlgId = ALG_ID.CALG_SHA1; } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[0], "md5") == 0) { AlgId = ALG_ID.CALG_MD5; } else { PrintUsage(); return; } bool fSign; if (StringComparer.InvariantCultureIgnoreCase.Compare(args[1], "/s") == 0) { fSign = true; } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[1], "/v") == 0) { fSign = false; } else { PrintUsage(); return; } var szFileToSign = args[2]; var szSigFile = args[3]; bool fUseCert; // check to see if user wants to use a certificate if (StringComparer.InvariantCultureIgnoreCase.Compare(args[4], "/cert") == 0) { fUseCert = true; szCertificateName = args[5]; szStoreName = args[6]; // Determine if we have to use user or machine store if (StringComparer.InvariantCultureIgnoreCase.Compare(args[7], "u") == 0) { dwOpenFlags = CertStoreFlags.CERT_SYSTEM_STORE_CURRENT_USER; } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[7], "m") == 0) { dwOpenFlags = CertStoreFlags.CERT_SYSTEM_STORE_LOCAL_MACHINE; } else { PrintUsage(); return; } } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[4], "/key") == 0) { fUseCert = false; szContainerName = args[5]; if (StringComparer.InvariantCultureIgnoreCase.Compare(args[6], "u") == 0) { dwAcquireFlags = 0; } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[6], "m") == 0) { dwAcquireFlags = CryptAcquireContextFlags.CRYPT_MACHINE_KEYSET; } else { PrintUsage(); return; } // Use exchange key or signature key if (StringComparer.InvariantCultureIgnoreCase.Compare(args[7], "x") == 0) { dwKeySpec = CertKeySpec.AT_KEYEXCHANGE; } else if (StringComparer.InvariantCultureIgnoreCase.Compare(args[7], "s") == 0) { dwKeySpec = CertKeySpec.AT_SIGNATURE; } else { PrintUsage(); return; } } else { PrintUsage(); return; } bool fResult; if (fUseCert) { using var pCertContext = GetCertificateContextFromName(szCertificateName, szStoreName, dwOpenFlags); if (pCertContext.IsInvalid) { throw new Exception(); } fResult = GetRSAKeyFromCert(pCertContext, fSign, out hProv, out hPubKey, out dwKeySpec, out _); if (!fResult) { throw new Exception(); } } else { fResult = GetRSAKeyFromContainer(szContainerName, dwAcquireFlags, dwKeySpec, out hProv, out hPubKey); if (!fResult) { throw new Exception(); } } fResult = SignVerifyFile(hProv, hPubKey, dwKeySpec, AlgId, szFileToSign, szSigFile, fSign); if (!fResult) { throw new Exception(); } if (fSign) { MyPrintf(("File %s hashed and signed successfully!\n"), szFileToSign); } else { MyPrintf(("File %s verified successfully!\n"), szSigFile); } } finally { // Clean up } }
public static extern bool CryptAcquireContext([Out] out SafeCspHandle phProv, string pszContainer, string pszProvider, ProviderType dwProvType, CryptAcquireContextFlags dwFlags);
static extern bool CryptAcquireContext(out ProviderHandle hProv, string pszContainer, string pszProvider, ProviderType.Ids dwProvType, CryptAcquireContextFlags dwFlags);
static ProviderHandle GetProviderHandle(string containerName, string providerName, ProviderType.Ids providerTypeId, CryptAcquireContextFlags acFlags) { ProviderHandle providerHandle; if (CryptAcquireContext(out providerHandle, containerName, providerName, providerTypeId, acFlags) == false) { throw new Win32Exception(); } return(providerHandle); }
public static extern unsafe bool CryptAcquireContext(out IntPtr psafeProvHandle, char *pszContainer, char *pszProvider, int dwProvType, CryptAcquireContextFlags dwFlags);
internal static extern bool CryptAcquireContext([Out] out SafeCspHandle phProv, string pszContainer, string pszProvider, ProviderType dwProvType, CryptAcquireContextFlags dwFlags);
internal static SafeCspHandle AcquireCsp(string keyContainer, string providerName, ProviderType providerType, CryptAcquireContextFlags flags, bool throwPlatformException) { SafeCspHandle phProv = null; if (UnsafeNativeMethods.CryptAcquireContext(out phProv, keyContainer, providerName, providerType, flags)) { return(phProv); } int hr = Marshal.GetLastWin32Error(); if (!throwPlatformException || ((hr != -2146893801) && (hr != -2146893799))) { throw new CryptographicException(hr); } throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); }
internal static SafeCspHandle AcquireCsp(string keyContainer, string providerName, ProviderType providerType, CryptAcquireContextFlags flags) { Contract.Assert(keyContainer == null, "Key containers are not supported"); // Specifying both verify context (for an ephemeral key) and machine keyset (for a persisted machine key) // does not make sense. Additionally, Widows is beginning to lock down against uses of MACHINE_KEYSET // (for instance in the app container), even if verify context is present. Therefore, if we're using // an ephemeral key, strip out MACHINE_KEYSET from the flags. if (((flags & CryptAcquireContextFlags.VerifyContext) == CryptAcquireContextFlags.VerifyContext) && ((flags & CryptAcquireContextFlags.MachineKeyset) == CryptAcquireContextFlags.MachineKeyset)) { flags &= ~CryptAcquireContextFlags.MachineKeyset; } SafeCspHandle cspHandle = null; if (!UnsafeNativeMethods.CryptAcquireContext(out cspHandle, keyContainer, providerName, providerType, flags)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } return cspHandle; }