Encrypting/Decrypting with a Signature Key

Archived from groups: microsoft.public.win2000.security (More info?)

Hello there

I generated two certificate (from MS CA) with keys on my machine.
One cert has the AT_SIGNATURE usage in it and the other cert has the
AT_KEYEXCHANGE in it (and it is limited to Data/Key Encipherment
only). So basically the latter is for Data/Key Encipherment and the
former is for Signing/Verification.

As part of my project Requirments, I need to encrypt data with the
cert that has the AT_SIGNATURE key usage (ie the signing cert). I can
encrypt with this cert using the CAPI function CryptEncryptMessage.
When I try to decrypt using the CryptDecryptMessage I get a bad key
error message. Is this due to a limitation of the CSP that it will not
allow me to encrypt/decrypt using a certificate with Digital Signature
key usage only in it ? Is there an alternative to this using other
CAPI functions ?
thanks a lot for the help.

Ron.
1 answer Last reply
More about encrypting decrypting signature
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Ron,

    You will have better chance to get an answer to your question if you post to
    microsoft.public.security.crypto news group.

    Mike

    "Ron" <yaronzinho@yahoo.com> wrote in message
    news:3eadd290.0409230824.25f5a96e@posting.google.com...
    > Hello there
    >
    > I generated two certificate (from MS CA) with keys on my machine.
    > One cert has the AT_SIGNATURE usage in it and the other cert has the
    > AT_KEYEXCHANGE in it (and it is limited to Data/Key Encipherment
    > only). So basically the latter is for Data/Key Encipherment and the
    > former is for Signing/Verification.
    >
    > As part of my project Requirments, I need to encrypt data with the
    > cert that has the AT_SIGNATURE key usage (ie the signing cert). I can
    > encrypt with this cert using the CAPI function CryptEncryptMessage.
    > When I try to decrypt using the CryptDecryptMessage I get a bad key
    > error message. Is this due to a limitation of the CSP that it will not
    > allow me to encrypt/decrypt using a certificate with Digital Signature
    > key usage only in it ? Is there an alternative to this using other
    > CAPI functions ?
    > thanks a lot for the help.
    >
    > Ron.
Ask a new question

Read More

Certificate Windows