CryptAcquireCertificatePrivateKey fails to retrieve the private key for certificate listed under CERT_SYSTEM_STORE_LOCAL_MACHINE

Prafulla Shirke 20 Reputation points
2024-06-27T12:55:24.3833333+00:00

I used Below program to retrieve the private key of "1-ksp-digitalid-MSKSP 27th June" certificate stored under LOCAL_MACHINE. It gives me error   0x80090016 i.e. Keyset does not exist error. On Properties you can see dialog saying that "you have private key corresponding to this certificate"

.Property picture

Please help in resolution of this issue

//Open Local Machine store

 

    NCRYPT_KEY_HANDLE hKey = 0;

    PCCERT_CONTEXT pCertContext = NULL;

    HCERTSTORE hCertStore = NULL;

    DWORD dwKeySpec;

    BOOL bCallerFreeProv;

 hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"My");

 

// Enumerate all certificates.

        while (pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pCertContext))

        {

            std::cout << "\n=====================================================================================================\n";

            // Print the certificate's subject name.

            wchar_t szName[256];

            if (CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, szName, 256))

            {

             

            }

 

            if (lstrcmpiW(szName, L"1-ksp-digitalid-MSKSP 27th June") != 0)

                continue;

 

            std::wcout << "Certificate Subject Name: " << szName << std::endl;

            // Get the private key

            if (!CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG, NULL, &hKey, &dwKeySpec, &bCallerFreeProv))

            {

                LPVOID lpMsgBuf;

                LPVOID lpDisplayBuf;

                DWORD dw = GetLastError();

 

                FormatMessageW(

                    FORMAT_MESSAGE_ALLOCATE_BUFFER |

                    FORMAT_MESSAGE_FROM_SYSTEM |

                    FORMAT_MESSAGE_IGNORE_INSERTS,

                    NULL,

                    dw,

                    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),

                    (LPWSTR)&lpMsgBuf,

                    0, NULL);

 

                wprintf(L"Error acquiring private key for %s.  Error: %lu  %s\n", szName, dw, lpMsgBuf);

                //goto Cleanup;

            }

 

        }

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,651 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,758 questions
{count} votes

Accepted answer
  1. Xiaopo Yang - MSFT 12,726 Reputation points Microsoft Vendor
    2024-07-01T01:48:14.9+00:00

    Hello @Prafulla Shirke,

    CryptAcquireCertificatePrivateKey and the Certutil.exe command-line program report the same error, Missing stored keyset. It is an issue about your certificate which couldn't be installed correctly or a permission issue but not a WindowsAPI issue. You may refer to the similar questions about Missing stored keyset. Hope CertMgr and the question are helpful.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.