CryptAcquireCertificatePrivateKey

Windows CE 3.0

This function acquires a HCRYPTPROV cryptographic service provider (CSP) handle including access to its related key container and the dwKeySpec parameter for a user's specified certificate context. This function is used to get access to a user's private key when the user's certificate is available and the handle of a CSP with the user's key container is not available. This function can be used by the owner of a private key and not by any other user.

If a CSP handle and the key container containing a user's private key are available, the CryptGetUserKey function can be used.

BOOL WINAPI CryptAcquireCertificatePrivateKey(
PCCERT_CONTEXT pCert,
DWORD dwFlags,
void *pvReserved,
HCRYPTPROV *phCryptProv,
DWORD *pdwKeySpec,
BOOL *pfCallerFreeProv
);

Parameters

pCert
[in] Pointer to a CERT_CONTEXT structure containing the specified certificate context. This is the certificate context for which a private key will be acquired.
dwFlags
[in] The following table defines the dwFlags.
Value Description
CRYPT_ACQUIRE_CACHE_FLAG An HCRYPTPROV value is returned as the phCryptProv parameter. If an HCRYPTPROV value is already acquired and cached, that HCRYPTPROV value is returned. Otherwise, a new HCRYPTROV value is acquired and cached by using the certificate's CERT_KEY_CONTEXT_PROP_ID.

In any case, when this flag is set, the pfCallerFreeProv parameter returns FALSE and the calling application must not free the cached HCRYPTPROV value.

CRYPT_ACQUIRE_USE_PROV_INFO_FLAG Uses the certificate's property CERT_KEY_PROV_INFO_PROP_ID to determine if caching should be accomplished. For more information on CERT_KEY_PROV_INFO_PROP_ID, see the CertSetCertificateContextProperty function.

Uses caching, but only if during a previous call the dwFlags parameter of the CRYPT_KEY_PROV_INFO structure was CERT_SET_KEY_CONTEXT_PROP.

CRYPT_ACQUIRE_COMPARE_KEY_FLAG The public key in the certificate is compared with the public key returned by the CSP. If the keys do not match, the acquisition operation fails and the last error code is set to NTE_BAD_PUBLIC_KEY. If a cached HCRYPTPROV value is returned, no comparison is made.
pvReserved
[in] Reserved for future use and must be NULL.
phCryptProv
[out] Pointer to the returned HCRYPTPROV value. Depending on the dwFlags value, the HCRYPTPROV value must be freed by the calling application or explicitly freed on the last free action of the certificate context.
pdwKeySpec
[out] Pointer to a DWORD value identifying the private key to use from the acquired provider's key container. It can be AT_KEYEXCHANGE or AT_SIGNATURE.
pfCallerFreeProv
[out] Pointer to a BOOL flag. The flag is returned set to FALSE if:
  • Public key acquisition or comparison fails.
  • CRYPT_ACQUIRE_CACHE_FLAG is set.
  • CRYPT_ACQUIRE_USE_PROV_INFO_FLAG is set, the certificate context property is set to CERT_KEY_PROV_INFO_PROP_ID with the CRYPT_KEY_PROV_INFO structure, and the dwFlags parameter is set to CERT_SET_KEY_CONTEXT_PROP_ID.

If the fCallerFreeProv flag is returned FALSE, the calling application must not release the returned HCRYPTPROV value. The returned HCRYPTPROV value is released on the last free action of the certificate context.

When the fCallerFreeProv flag is set to TRUE, the returned HCRYPTPROV value must be released by calling the CryptReleaseContext function.

Return Values

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, the return value is zero (FALSE).

For extended error information, call the GetLastError function. The following table shows one possible error code.

Value Description
NTE_BAD_PUBLIC_KEY The public key in the certificate does not match the public key returned by the CSP. This error code is returned if CRYPT_ACQUIRE_COMPARE_KEY_FLAG is set and the public key in the certificate does not match the public key returned by the cryptographic provider.

Requirements

Runs on Versions Defined in Include Link to
Windows CE OS 3.0 or later Wincrypt.h   Crypt32.lib
Note   This API is part of the complete Windows CE OS package as provided by Microsoft. The functionality of a particular platform is determined by the original equipment manufacturer (OEM) and some devices may not support this API.

See Also

HCRYPTPROV, CertSetCertificateContextProperty, CryptGetUserKey, CryptReleaseContext, CERT_CONTEXT, CRYPT_KEY_PROV_INFO


 Last updated on Tuesday, July 13, 2004

© 1992-2000 Microsoft Corporation. All rights reserved.

Show: