
OsmanZakir-9751 asked RitaHan-MSFT commented

How to correctly use CertFindCertificateInStore with needed parameters

I marked the other question as solved because I figured that just knowing what function to use is enough for it. But I still need to know how to correctly use that function and how to pass it the information I need to pass it, so I decided to open a new thread since I wasn't getting a reply in the other one about it. I'm sorry if anyone has a problem with me doing this.

The certificates (it's a chain of two) I want to find use an encoding of SHA256. It apparently hasn't been defined so I can't tell the function to use it, but I don't know how to specify the encoding anyway. Is there an Enum I can use? What is that Enum and what member should I use from it?

What do I pass for dwFindFlags for the below dwFindType value that I want to use?

The dwFindType value I want to use is CERT_FIND_SUBJECT_CERT. How do I specify "CERT_FIND_SUBJECT_CERT" as the argument for the parameter? It doesn't seem like I can just pass that in because it's telling me that it's undefined.

For dwFindPara I need to specify the actual structure with the certificate info, in this case, right? If I understand correctly. Again, though: I don't know how to do this. How do I specify the info from the certificate chain as DWORDs? I can't give them as strings.

For the last argument I think nullptr should be fine. Please correct me if I'm wrong.

Anyway, please give me answers to the above questions. I need to know so I can correctly use the CertFindCertificateInStore function since right now I have no idea how to give it the info I want to give it. Please help me out here. Thanks.

Tags: windows-api, c++, windows-server-security

Maybe you can use rough search conditions like CERT_FIND_SUBJECT_STR, then check the found certification information to see if it meets your requirement. This is easier.

0 Votes 0 ·
DavidLowndes-6766 answered OsmanZakir-9751 edited

CERT_FIND_SUBJECT_CERT (not "CERT_FIND_SUBJECT_CERT") should be defined in wincrypt.h


Okay, thanks.

How about the rest of what I asked? How do I specify the certificate info needed as the argument for dwFindPara as DWORDs and other types needed?

0 is fine as the argument for the dwFindFlags parameter if I want to use CERT_FIND_SUBJECT_CERT as the argument for dwFindType, right?

How do I define values for CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm, CERT_NAME_BLOB Issuer, CERT_NAME_BLOB Subject, CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo, CRYPT_BIT_BLOB IssuerUniqueId, CRYPT_BIT_BLOB SubjectUniqueId, DWORD cExtension, and PCERT_EXTENSION rgExtension? I need an answer for this as well. Thanks.

0 Votes 0 ·
DavidLowndes-6766 answered OsmanZakir-9751 commented

It's not something I've ever done, but see if this example helps.



It didn't work when I tested it in a separate file.

If I read the actual certificate file I have into a std::string, is there a way I can compare it with certificates from the store? Can this be done using CertFindCertificateInStore?

0 Votes 0 ·

What "didn't work"?
I cited that example as an illustration of using CertFindCertificateInStore with CERT_FIND_SUBJECT_CERT - which it appeared to do.

0 Votes 0 ·

The part where it tries to use CryptQueryObject fails and it exits there. I couldn't do anything else.

I tried it like here: https://github.com/chriskohlhoff/asio/issues/565 in the first post. It works in the second one where I just load the certificate from a file.

0 Votes 0 ·
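The two open points in this thread (what to pass for dwCertEncodingType, dwFindFlags and pvFindPara with CERT_FIND_SUBJECT_CERT, and how to compare a certificate read from a file against the ones in a store) can be answered with one small program. The following is an added example, not code from the thread or from the linked GitHub issue. It assumes a C++ build on Windows linking crypt32.lib; the function names `certificateBytesToDer` and `findFileCertificateInStore` and the choice of the "ROOT" store are mine. Two points it illustrates: dwCertEncodingType describes how the certificate bytes are encoded (ASN.1 DER, hence `X509_ASN_ENCODING | PKCS_7_ASN_ENCODING`), not the signature hash such as SHA-256; and CERT_FIND_SUBJECT_CERT expects a `CERT_INFO*` whose Issuer and SerialNumber are compared, so the easiest way to fill that structure from a file is to let `CertCreateCertificateContext` parse the DER bytes and use the resulting `pCertInfo` rather than building the blobs by hand. The PEM/DER helper is portable so the lookup can be fed from a `std::string` holding the file's bytes; the Win32 calls are compiled only on Windows.

```cpp
// Added example (not from the thread): check whether a certificate read from a
// file is present in a Windows system store, using CERT_FIND_SUBJECT_CERT.
// The Win32 calls are compiled only on Windows; the PEM/DER helper is portable.
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

#ifdef _WIN32
#  include <windows.h>
#  include <wincrypt.h>
#  pragma comment(lib, "crypt32.lib")
#endif

// Turn the raw bytes of a certificate file into DER. A PEM file
// ("-----BEGIN CERTIFICATE-----" + base64) is decoded; a DER file (first byte
// 0x30, the ASN.1 SEQUENCE tag) is passed through; anything else yields {}.
std::vector<uint8_t> certificateBytesToDer(const std::string& in) {
    if (!in.empty() && static_cast<uint8_t>(in[0]) == 0x30)
        return std::vector<uint8_t>(in.begin(), in.end());

    const std::string begin = "-----BEGIN CERTIFICATE-----";
    const std::string end   = "-----END CERTIFICATE-----";
    size_t s = in.find(begin);
    size_t e = in.find(end);
    if (s == std::string::npos || e == std::string::npos || e < s) return {};
    s += begin.size();

    // Plain base64 decoder: line breaks are skipped, '=' padding ends the data.
    static const std::string alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = s; i < e; ++i) {
        if (in[i] == '=') break;
        size_t v = alphabet.find(in[i]);
        if (v == std::string::npos) continue;   // '\r', '\n', spaces
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>((acc >> bits) & 0xFFu));
        }
    }
    return out;
}

#ifdef _WIN32
// Look for the certificate in `fileBytes` in the named system store
// (L"ROOT", L"CA", L"MY", ...). Returns a context the caller must release with
// CertFreeCertificateContext, or NULL when it is not present (or unreadable).
PCCERT_CONTEXT findFileCertificateInStore(const std::string& fileBytes,
                                          const wchar_t* storeName) {
    std::vector<uint8_t> der = certificateBytesToDer(fileBytes);
    if (der.empty()) return NULL;

    // Encoding of the bytes (ASN.1 DER), unrelated to the SHA-256 signature hash.
    const DWORD encoding = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;

    // Let CryptoAPI parse the DER and fill CERT_INFO (issuer, serial, ...).
    PCCERT_CONTEXT fileCert = CertCreateCertificateContext(
        encoding, der.data(), static_cast<DWORD>(der.size()));
    if (!fileCert) return NULL;   // GetLastError() explains the parse failure

    HCERTSTORE store = CertOpenSystemStoreW(0, storeName);
    if (!store) { CertFreeCertificateContext(fileCert); return NULL; }

    PCCERT_CONTEXT found = CertFindCertificateInStore(
        store,
        encoding,
        0,                        // dwFindFlags: none needed for this find type
        CERT_FIND_SUBJECT_CERT,   // pvFindPara is a CERT_INFO*
        fileCert->pCertInfo,      // matched on Issuer and SerialNumber
        NULL);                    // pPrevCertContext: start at the first entry

    CertFreeCertificateContext(fileCert);
    CertCloseStore(store, 0);     // `found` keeps its own reference
    return found;
}
#endif

int main(int argc, char** argv) {
#ifdef _WIN32
    if (argc < 2) { std::puts("usage: findcert <certificate file>"); return 1; }
    std::ifstream f(argv[1], std::ios::binary);
    std::string bytes((std::istreambuf_iterator<char>(f)),
                      std::istreambuf_iterator<char>());
    PCCERT_CONTEXT found = findFileCertificateInStore(bytes, L"ROOT");  // assumed store
    std::puts(found ? "certificate is in the ROOT store" : "not found (or file unreadable)");
    if (found) CertFreeCertificateContext(found);
#else
    (void)argc; (void)argv;
    // Constructed PEM body (not a real certificate), used to exercise the decoder.
    std::string pem = "-----BEGIN CERTIFICATE-----\r\nMIIBAgIB\r\nAQ==\r\n"
                      "-----END CERTIFICATE-----\r\n";
    std::printf("decoded %zu DER bytes\n", certificateBytesToDer(pem).size());
#endif
    return 0;
}
```

CERT_FIND_SUBJECT_CERT treats two certificates as the same when issuer and serial number agree, which is what a CA guarantees to be unique. If an exact byte-for-byte comparison is wanted instead, CERT_FIND_EXISTING takes the `PCCERT_CONTEXT` created from the file as pvFindPara and matches the whole encoded certificate; either way the returned context must be released with CertFreeCertificateContext.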