It sounds like the recovery blob is simply a pkcs#7 signature (with lots of KRA). Not sure if that is what is meant by:
"An archived key is encrypted in a PKCS #7 to the key recovery agent certificate .."
You could try retrieving the signed content, and check if the content blob is then
an EnvelopedData type.
There might be other possibilities.
PRIVATEKEYBLOB. Maybe some MS folks can help clarify their documentation :-)
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:%23vJszHEaEHA.384@TK2MSFTNGP10.phx.gbl...
> I followed up with someone else on this via email, but here was my response:
>
> --------------
> I'm not sure I can help you with this. I'm not really a big PKCS#7 expert,
> so I'm not sure what I would expect to see here. Normally you wouldn't have
> a private key in a signed data blob, but just an encrypted hash value that
> you decrypt with the public key from the enclosed signing cert. If the
> private key is in the underlying data that was signed, that would be opaque
> to the signed data message.
>
> I'd suggest posting your question back to the newsgroup directly. Also, you
> might try contacting Mitch Gallant directly or through the newsgroup as he is
> the true expert in crypto API and .NET integration. That was his sample you
> were using there.
>
> HTH,
>
> Joe
>
> "Nicole" <nicole@nowhere.com> wrote in message
> news:%23V%23sn7$ZEHA.2972@TK2MSFTNGP12.phx.gbl...
> > Thanks for the link. Now I can see the certificates but I can't seem to get
> > to the private key. MS documentation says key archival blob should have the
> > following format. I don't know how Crypto API works. Which field should I
> > look into to get the private key?
> >
> > The recovery blob consists of wrapping the encrypted PKCS#7 in the database
> > in another (signed) PKCS#7 to allow a number of certificates to be included
> > in the recovery blob. The returned certificates include the full chain of
> > the user certificate being recovered, the chain of the signing CA
> > certificate (which may differ from the CA certificate under which the user
> > certificate was issued), and the KRA certificates to which the key was
> > encrypted. The szOID_ARCHIVED_KEY_CERT_HASH (1.3.6.1.4.1.311.21.16) is an
> > attribute containing the SHA-1 hash of the cert for the key being recovered,
> > attached as an authenticated attribute to the CA signature of the recovery
> > blob.
> >
> > Thanks.
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> > in message news:%23M775YiZEHA.2388@TK2MSFTNGP11.phx.gbl...
> > > Mitch has a cool sample doing p/invoke to the crypto API in C# that shows
> > > how to get the certs and authenticated attributes on a PKCS#7 Signed Data
> > > message here:
> > >
> > > http://www.jensign.com/JavaScience/dotnet/AuthAttr/index.html
> > > This should be much easier in future versions of the Framework.
> > >
> > > Joe K.
> > >
> > > "Sengul Vurgun" <svurgun@yahoo.com> wrote in message
> > > news:ePjV8XfZEHA.3092@tk2msftngp13.phx.gbl...
> > > > I am trying to parse the PKCS#7 package returned by the
> > > > ICertAdmin2::GetArchivedKey method of certadm.dll in .NET using runtime
> > > > callable wrappers. I tried using CAPICOM's SignedDataClass but I couldn't
> > > > get it working. When I try to access the certificates, I get a "Message has
> > > > not been signed" error. Do you know how to (or have example code to) parse
> > > > PKCS#7 in .NET?
> > > >
> > > > Thanks.
> > > >