Sign in with
Sign up | Sign in
Your question

Encrypting/Decrypting with a Signature Key

Last response: in Windows 2000/NT
Share
September 23, 2004 1:24:57 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello there

I generated two certificate (from MS CA) with keys on my machine.
One cert has the AT_SIGNATURE usage in it and the other cert has the
AT_KEYEXCHANGE in it (and it is limited to Data/Key Encipherment
only). So basically the latter is for Data/Key Encipherment and the
former is for Signing/Verification.

As part of my project Requirments, I need to encrypt data with the
cert that has the AT_SIGNATURE key usage (ie the signing cert). I can
encrypt with this cert using the CAPI function CryptEncryptMessage.
When I try to decrypt using the CryptDecryptMessage I get a bad key
error message. Is this due to a limitation of the CSP that it will not
allow me to encrypt/decrypt using a certificate with Digital Signature
key usage only in it ? Is there an alternative to this using other
CAPI functions ?
thanks a lot for the help.

Ron.
Anonymous
September 23, 2004 11:23:00 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Ron,

You will have better chance to get an answer to your question if you post to
microsoft.public.security.crypto news group.

Mike

"Ron" <yaronzinho@yahoo.com> wrote in message
news:3eadd290.0409230824.25f5a96e@posting.google.com...
> Hello there
>
> I generated two certificate (from MS CA) with keys on my machine.
> One cert has the AT_SIGNATURE usage in it and the other cert has the
> AT_KEYEXCHANGE in it (and it is limited to Data/Key Encipherment
> only). So basically the latter is for Data/Key Encipherment and the
> former is for Signing/Verification.
>
> As part of my project Requirments, I need to encrypt data with the
> cert that has the AT_SIGNATURE key usage (ie the signing cert). I can
> encrypt with this cert using the CAPI function CryptEncryptMessage.
> When I try to decrypt using the CryptDecryptMessage I get a bad key
> error message. Is this due to a limitation of the CSP that it will not
> allow me to encrypt/decrypt using a certificate with Digital Signature
> key usage only in it ? Is there an alternative to this using other
> CAPI functions ?
> thanks a lot for the help.
>
> Ron.
!