Using Certificate Stores
[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the .NET Framework to implement security features. For more information, see Alternatives to Using CAPICOM.]
CAPICOM uses digital certificates to create signatures, encrypt session encryption keys when creating enveloped messages, and decrypt encrypted session keys when an enveloped message is received. By default, CAPICOM uses certificates in the My store that have an associated private key for both digital signatures creation and session key decryption. In most cases, an application would never need to open or otherwise directly deal with a certificate store.
However, applications creating enveloped messages use the public key of each intended recipient of an enveloped message. These keys are retrieved from the certificates of the intended recipients. Thus, to create enveloped messages for a group of intended recipients, the certificates of those recipients would be collected in a certificate store.
The following table lists the standard certificate stores normally persisted on a user station.
|My||Contains personal certificates. These certificates will usually have an associated private key.|
|Other people||Contains the certificates of those that the user normally sends enveloped messages to or receives signed messages from.|
|Ca and Root||Contains the certificates of certificate authorities that the user trusts to issue certificates to others. Certificates in these stores are normally supplied with the operating system or by the user's network administrator. Certificates in the Root store are typically self-signed.|
Additional CAPICOM_CURRENT_USER stores can be created, opened, and persisted by giving a different store name as a string. If a store by that name does not exist, an empty store is created and opened. If a store does exist, it is opened and any certificates currently in the store are made available.
The following sections show examples for certificate store tasks:
- Opening the Active Directory Store and Retrieving Certificates
- Adding Certificates to a Certificate Store
- Using Stores in Different Locations
- Collecting and Verifying Certificates