CertCreateCertificateContext returns ASN1 bad tag value met

I'm loading a .p7b certificate file into memory and then calling CertCreateCertificateContext on it, but it fails with the error "ASN1 bad tag value met.".

The call looks like this:

m_hContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, pbCertEncoded, dwCertEncodedLen);

This returns NULL and GetLastError() returns the error mentioned above.

I created the certificate file by dragging a certificate out of the settings in IE, which then does an automatic export to a file.

What am I doing wrong?

Thanks!


Try to open your certificate with an ASN.1 editor.

Probably your certificate has been exported incorrectly, or the size of the certificate you pass to the API is wrong... More likely the second option (incorrect cert construction or passing).

I found here the info that the encoding you try to use is not fully supported (see possible error values).


You have to use CertOpenStore() instead:

HCERTSTORE hCertStore = CertOpenStore(
    CERT_STORE_PROV_FILENAME,
    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
    NULL,
    CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
    pszFilePath);

CertCreateCertificateContext() supports one certificate only, whereas a PKCS #7 file can contain many.

Quote from MSDN:

CERT_STORE_PROV_FILENAME Initializes the store with certificates, CRLs, and CTLs from a file. The provider opens the file and first attempts to read the file as a serialized store, then as a PKCS #7 signed message, and finally as a single encoded certificate.

After the certificate store is open, you can use CertEnumCertificatesInStore() to retrieve the certificate context of individual certificates from the store.


Make sure the certificate is in binary format.

I had a similar issue when the certificate was in "Base-64 encoded X.509". It was fixed when I used the same certificate in "DER encoded binary X.509".

You can do this easily on Windows by manually importing into the cert store and then exporting using the desired format.

The certificate can then be installed on other machines using WinAPI functions.
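The answers above point to three causes: a wrong buffer length, a PKCS #7 container where a single certificate is expected, and Base64 text instead of binary DER. The following is an added example, not code from the original posts, that tells these cases apart from the first bytes of the buffer before any CryptoAPI call is made. The names `classify_cert_blob`, `der_header` and the `BLOB_*` values are hypothetical, and definite-length DER is assumed.

```c
#include <stddef.h>
#include <string.h>

/* What the start of a certificate file looks like (hypothetical names). */
enum cert_blob_kind {
    BLOB_INVALID,      /* not a complete definite-length DER SEQUENCE */
    BLOB_PEM,          /* Base64 text with "-----BEGIN" armor */
    BLOB_PKCS7,        /* ContentInfo: SEQUENCE { OID, ... } as in .p7b */
    BLOB_SINGLE_CERT   /* Certificate: SEQUENCE { SEQUENCE tbs, ... } */
};

/* Parse the tag+length header at buf. Returns header size, 0 on error. */
static size_t der_header(const unsigned char *buf, size_t len, size_t *content_len)
{
    if (len < 2) return 0;
    size_t n = buf[1];
    if (n < 0x80) { *content_len = n; return 2; }    /* short form */
    size_t nbytes = n & 0x7f;                         /* long form */
    if (nbytes == 0 || nbytes > sizeof(size_t) || len < 2 + nbytes) return 0;
    size_t v = 0;
    for (size_t i = 0; i < nbytes; i++) v = (v << 8) | buf[2 + i];
    *content_len = v;
    return 2 + nbytes;
}

enum cert_blob_kind classify_cert_blob(const unsigned char *buf, size_t len)
{
    static const char pem[] = "-----BEGIN";
    size_t content_len, hdr;

    if (len >= sizeof pem - 1 && memcmp(buf, pem, sizeof pem - 1) == 0)
        return BLOB_PEM;                  /* needs Base64 decoding first */
    if (len == 0 || buf[0] != 0x30)       /* outer tag must be SEQUENCE */
        return BLOB_INVALID;
    hdr = der_header(buf, len, &content_len);
    if (hdr == 0 || content_len == 0 || content_len > len - hdr)
        return BLOB_INVALID;              /* declared length exceeds buffer */
    switch (buf[hdr]) {                   /* tag of the first inner element */
    case 0x06: return BLOB_PKCS7;         /* contentType OID comes first */
    case 0x30: return BLOB_SINGLE_CERT;   /* tbsCertificate comes first */
    default:   return BLOB_INVALID;
    }
}
```

A `BLOB_PKCS7` result corresponds to the case where CertOpenStore() is the right call, and `BLOB_SINGLE_CERT` to the case CertCreateCertificateContext() is meant for.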
