Get the X509 data from a PFX certificate using CryptoAPI

Good day. Stackoverflow has helped me many times before, but I am a bit stuck on this one and hope that someone can give me some pointers.

Background: I need to pass X509 data of a certificate to Adobe's SDK CertListCab in order to sign the PDF using my Acrobat plugin api.

My question is how can I get the X509 data from a PFX certificate using CryptoAPI?

I'm doing the following:

  • Converting my PFX certificate to an in-memory store.

    CRYPT_DATA_BLOB data;

  • Open file and populate data.

    FILE *fIn = fopen("C:\\certificate\\MyPfx.pfx", "rb");
    fseek(fIn, 0, SEEK_END);
    data.cbData = ftell(fIn);
    fseek(fIn, 0, SEEK_SET);
    data.pbData = (BYTE *)malloc(data.cbData);
    fread(data.pbData, 1, data.cbData, fIn);
    fclose(fIn);
    

    HCERTSTORE hCertStore = PFXImportCertStore(&data, L"password", 0);

  • Find the certificate. There is only one.

    PCCERT_CONTEXT hContext = CertFindCertificateInStore (hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL);

  • Get the public key information for the certificate.

    BOOL bFreeHandle;
    HCRYPTPROV hProv;
    DWORD dwKeySpec;
    HCRYPTKEY hCertPubKey;
    CryptAcquireCertificatePrivateKey(hContext, 0, NULL, &hProv, &dwKeySpec, &bFreeHandle);

    CryptImportPublicKeyInfo(hProv, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &hContext->pCertInfo->SubjectPublicKeyInfo, &hCertPubKey);

  • Now I try to make space for the X509 data.

    DWORD dwX509Len;
    BYTE *x509Data;
    CryptGetKeyParam(hCertPubKey, KP_CERTIFICATE, NULL, &dwX509Len, 0);

    x509Data = (BYTE*)malloc(dwX509Len);

  • I pass in my buffer.

    CryptGetKeyParam(hCertPubKey,KP_CERTIFICATE,x509Data,&dwX509Len,0);

When I run my program I receive the error for CryptGetKeyParam:

NTE_BAD_TYPE : The dwParam parameter specifies an unknown value number.

According to the docs:

KP_CERTIFICATE : pbData is the address of a buffer that receives the X.509 certificate that has been encoded by using Distinguished Encoding Rules (DER). The public key in the certificate must match the corresponding signature or exchange key.

Am I doing something wrong? Is there another way to obtain the x509 data? Any help would be appreciated.

Regards, Magda

Sneak answered 8/5, 2013 at 14:26 Comment(0)

Looks like I've over-complicated the issue.

hContext->pbCertEncoded
hContext->cbCertEncoded

Will give me the data I want.

Still don't understand why using KP_CERTIFICATE did not retrieve the X509 data...

Sneak answered 9/5, 2013 at 9:33 Comment(0)
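
The approach from the answer as one routine with cleanup and a length check on the DER blob before it is handed on; this is an added example, not code from either post. `der_sequence_size` and `pfx_cert_der` are hypothetical names, and `PKCS12_NO_PERSIST_KEY` is a `PFXImportCertStore` flag the posts do not use, chosen on the assumption that only the certificate (not the private key) is needed at this step.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */
#endif

/* Size of the DER SEQUENCE (header + content) at the start of buf,
   or 0 if buf does not start with one that fits in len bytes. */
size_t der_sequence_size(const unsigned char *buf, size_t len)
{
    size_t n, i, content = 0;
    if (buf == NULL || len < 2 || buf[0] != 0x30)
        return 0;                       /* not a SEQUENCE */
    if (buf[1] < 0x80)                  /* short form: one length byte */
        return (size_t)buf[1] + 2 <= len ? (size_t)buf[1] + 2 : 0;
    n = buf[1] & 0x7F;                  /* long form: n length bytes follow */
    if (n == 0 || n > 4 || len < 2 + n)
        return 0;                       /* indefinite or oversized length */
    for (i = 0; i < n; i++)
        content = (content << 8) | buf[2 + i];
    return content <= len - 2 - n ? content + 2 + n : 0;
}

#ifdef _WIN32
/* Hypothetical helper: copy the DER certificate out of an in-memory PFX.
   Returns 1 on success; the caller frees *out. */
int pfx_cert_der(CRYPT_DATA_BLOB *pfx, LPCWSTR password, BYTE **out, DWORD *outLen)
{
    int ok = 0;
    PCCERT_CONTEXT ctx;
    /* Only the certificate is read here, so do not persist the private key. */
    HCERTSTORE store = PFXImportCertStore(pfx, password, PKCS12_NO_PERSIST_KEY);
    if (store == NULL)
        return 0;                       /* e.g. wrong password or malformed PFX */
    ctx = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                     0, CERT_FIND_ANY, NULL, NULL);
    if (ctx != NULL
        && der_sequence_size(ctx->pbCertEncoded, ctx->cbCertEncoded) == ctx->cbCertEncoded
        && (*out = (BYTE *)malloc(ctx->cbCertEncoded)) != NULL) {
        /* pbCertEncoded is owned by the context: copy before releasing it. */
        memcpy(*out, ctx->pbCertEncoded, ctx->cbCertEncoded);
        *outLen = ctx->cbCertEncoded;
        ok = 1;
    }
    if (ctx != NULL)
        CertFreeCertificateContext(ctx);
    CertCloseStore(store, 0);
    return ok;
}
#endif
```

The Windows-specific part compiles only under `_WIN32`; the length check is portable C and rejects a blob whose outer SEQUENCE length disagrees with `cbCertEncoded`.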
