Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Here are the steps for creating a self-signed certificate with the key container created at the machine key set.
Step 1:
Get the CSP handle by creating the key container at the machine key folder.
if (!CryptAcquireContext(&hCryptProv, _T("shmisra"), NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET)) { // Error _tprintf(_T("Error 0x%x\n"), GetLastError());
// Try to create a new key container if (!CryptAcquireContext(&hCryptProv, _T("shmisra"), NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET)) { …. } …. } |
Step 2:
Generate a new key pair.
if (!CryptGenKey(hCryptProv, AT_SIGNATURE, 0x08000000 | CRYPT_EXPORTABLE, &hKey)) { …. } |
Step 3:
Prepare a key provider structure for self-signed certificate.
CRYPT_KEY_PROV_INFO KeyProvInfo; memset(&KeyProvInfo, 0, sizeof(KeyProvInfo)); KeyProvInfo.pwszContainerName = _T("shmisra"); KeyProvInfo.pwszProvName = NULL; KeyProvInfo.dwProvType = PROV_RSA_FULL; KeyProvInfo.dwFlags = CRYPT_MACHINE_KEYSET; KeyProvInfo.cProvParam = 0; KeyProvInfo.rgProvParam = NULL; KeyProvInfo.dwKeySpec = AT_SIGNATURE; |
Once you are ready with the above steps you use CertCreateSelfSignCertificate function to create the certificate.
If you follow these steps you created a self-signed certificate with 2048 bit RSA key and the private key is exportable.
References:
https://msdn.microsoft.com/en-us/library/aa376039(VS.85).aspx
-Shamik