c# - How to stop Windows CryptoAPI from adding a private key to a public-only cert upon decryption
I'm trying to test S/MIME decryption. The CryptDecryptMessage function in decryption mode keeps working even if the certificate in the Personal store is public-only (while a private key is needed for decryption). Magically, the certificate turns into a private+public certificate after the function is called.

Initially, I had the full certificate in the Personal store, and it was working fine. Then I had to test what happens if I try to decrypt while having only a public-key cert. I exported the public key, removed the cert from the store, and imported the public key alone. I can't test this because Windows somehow adds the private key to the cert. Perhaps there is an internal cache of private keys that is activated when CryptoAPI needs a private key. I'd like to disable this feature if possible, or somehow tell the system that I don't want to use it via CryptoAPI calls.

The same occurs in Outlook (as it internally uses the same CryptoAPI functions).

I added an excerpt of the sources (I cannot create a self-contained sample, as it turns out too complex); the decryption part should be OK. I double checked: the private key appears in the certificate at the moment when CryptDecryptMessage is executed, not before or after.
```csharp
using System;
using System.Runtime.InteropServices;

// Standard CryptoAPI declarations used by the excerpt below (the poster's
// CryptoApiFuncs wrapper class itself is not shown in the question).
[StructLayout(LayoutKind.Sequential)]
struct CRYPT_DECRYPT_MESSAGE_PARA
{
    public uint cbSize;
    public uint dwMsgAndCertEncodingType;
    public uint cCertStore;
    public IntPtr rghCertStore;   // HCERTSTORE* (pointer to an array of store handles)
}

static class CryptoApiFuncs
{
    public const uint X509_ASN_ENCODING = 0x00000001;
    public const uint PKCS_7_ASN_ENCODING = 0x00010000;

    // BOOL CryptDecryptMessage(PCRYPT_DECRYPT_MESSAGE_PARA, const BYTE*, DWORD, BYTE*, DWORD*, PCCERT_CONTEXT*)
    [DllImport("crypt32.dll", SetLastError = true)]
    public static extern int CryptDecryptMessage(IntPtr pDecryptPara, IntPtr pbEncryptedBlob, uint cbEncryptedBlob,
                                                 IntPtr pbDecrypted, ref uint pcbDecrypted, ref IntPtr ppXchgCert);
}

// Excerpt from the decryption routine.
// `stores` holds one entry (MY), obtained via CertOpenStore; `data` is the encrypted content to decrypt.
IntPtr[] storeHandles = new IntPtr[stores.Length];
for (int i = 0; i < stores.Length; i++)
{
    if (stores[i] != null)
    {
        storeHandles[i] = stores[i].Handle;
    }
}

byte[] contentBytes = data;
IntPtr pDecryptPara = IntPtr.Zero;
IntPtr pbEncryptedBlob = IntPtr.Zero;
uint cbEncryptedBlob = (uint)contentBytes.Length;
IntPtr pbDecrypted = IntPtr.Zero;   // NULL output buffer: this call only queries the required size
uint cbDecrypted = 0;

CRYPT_DECRYPT_MESSAGE_PARA decryptPara = new CRYPT_DECRYPT_MESSAGE_PARA();
decryptPara.cbSize = (uint)Marshal.SizeOf(decryptPara.GetType());
decryptPara.dwMsgAndCertEncodingType = CryptoApiFuncs.PKCS_7_ASN_ENCODING | CryptoApiFuncs.X509_ASN_ENCODING;
decryptPara.cCertStore = (uint)storeHandles.Length;
GCHandle storeHandlesHandle = GCHandle.Alloc(storeHandles, GCHandleType.Pinned);
decryptPara.rghCertStore = storeHandlesHandle.AddrOfPinnedObject();
IntPtr pXchgCert = IntPtr.Zero;

pDecryptPara = Marshal.AllocHGlobal((int)decryptPara.cbSize);
// fDeleteOld must be false: the freshly allocated block holds no previous structure to destroy
Marshal.StructureToPtr(decryptPara, pDecryptPara, false);
pbEncryptedBlob = Marshal.AllocHGlobal((int)cbEncryptedBlob);
Marshal.Copy(contentBytes, 0, pbEncryptedBlob, (int)cbEncryptedBlob);

// At this point the cert in the store does NOT have a private key
int ret = CryptoApiFuncs.CryptDecryptMessage(pDecryptPara, pbEncryptedBlob, cbEncryptedBlob,
                                             pbDecrypted, ref cbDecrypted, ref pXchgCert);
// ... and now the cert HAS a private key

// Release the pinned handle and unmanaged buffers once the call (and any second, sized call) is done
storeHandlesHandle.Free();
Marshal.FreeHGlobal(pbEncryptedBlob);
Marshal.FreeHGlobal(pDecryptPara);
```
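The behaviour described in the question can be reproduced without CryptDecryptMessage at all, because it comes from the step that function performs for every candidate recipient cert: CryptAcquireCertificatePrivateKey. A certificate store never holds private keys; a cert context only carries a CERT_KEY_PROV_INFO_PROP_ID property that names a key container in a CSP/KSP. Deleting the cert and re-importing its public part removes that property, but the key container stays on disk, and when CryptAcquireCertificatePrivateKey is called without the documented CRYPT_ACQUIRE_NO_HEALING flag it searches the providers for a container whose public key matches the cert and re-creates the property (CryptoAPI calls this "healing"). The following probe, an added example that is not part of the original post, checks for the property before and after acquiring the key with and without healing. The class name, the thumbprint command-line argument and the console messages are my own assumptions; the P/Invoke declarations and flag values are the standard ones from wincrypt.h.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;

static class KeyHealingProbe
{
    const uint CERT_KEY_PROV_INFO_PROP_ID = 2;
    const uint CRYPT_ACQUIRE_NO_HEALING = 0x00000008;        // do not re-create the key-prov-info property
    const uint CRYPT_ACQUIRE_SILENT_FLAG = 0x00000040;       // never show a CSP/KSP UI
    const uint CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000; // accept CNG keys as well as legacy CSP keys
    const uint CERT_NCRYPT_KEY_SPEC = 0xFFFFFFFF;            // pdwKeySpec value meaning "handle is an NCRYPT_KEY_HANDLE"

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern bool CertGetCertificateContextProperty(IntPtr pCertContext, uint dwPropId, IntPtr pvData, ref uint pcbData);

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern bool CryptAcquireCertificatePrivateKey(IntPtr pCert, uint dwFlags, IntPtr pvParameters,
        out IntPtr phCryptProvOrNCryptKey, out uint pdwKeySpec, out bool pfCallerFreeProvOrNCryptKey);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);

    [DllImport("ncrypt.dll")]
    static extern int NCryptFreeObject(IntPtr hObject);

    // True when the cert context currently carries CERT_KEY_PROV_INFO_PROP_ID (a NULL buffer only queries the size).
    static bool HasKeyProvInfo(X509Certificate2 cert)
    {
        uint cb = 0;
        return CertGetCertificateContextProperty(cert.Handle, CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, ref cb);
    }

    // Tries to acquire the private key and releases the handle again; returns whether a key was found.
    static bool TryAcquirePrivateKey(X509Certificate2 cert, uint flags)
    {
        IntPtr handle;
        uint keySpec;
        bool callerFrees;
        bool ok = CryptAcquireCertificatePrivateKey(cert.Handle, flags, IntPtr.Zero, out handle, out keySpec, out callerFrees);
        if (ok && callerFrees)
        {
            if (keySpec == CERT_NCRYPT_KEY_SPEC) NCryptFreeObject(handle);
            else CryptReleaseContext(handle, 0);
        }
        return ok;
    }

    // Usage: KeyHealingProbe <thumbprint of a cert in the CurrentUser\My store>
    static void Main(string[] args)
    {
        string thumbprint = args[0];
        using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 cert in store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false))
            {
                Console.WriteLine("before: key-prov-info present = {0}", HasKeyProvInfo(cert));

                // With NO_HEALING the call succeeds only if the property already points at a container.
                bool noHeal = TryAcquirePrivateKey(cert, CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG | CRYPT_ACQUIRE_NO_HEALING);
                Console.WriteLine("acquire with NO_HEALING   = {0}", noHeal);

                // Without it CryptoAPI searches the providers' containers for the matching public key and,
                // on a hit, re-attaches CERT_KEY_PROV_INFO_PROP_ID to the cert context: this is the "magic".
                bool healed = TryAcquirePrivateKey(cert, CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG);
                Console.WriteLine("acquire with healing      = {0}", healed);

                Console.WriteLine("after:  key-prov-info present = {0}", HasKeyProvInfo(cert));
            }
        }
    }
}
```

CryptDecryptMessage exposes no way to pass CRYPT_ACQUIRE_NO_HEALING, so re-importing the public part of the certificate is not enough to simulate a recipient without a key. For a genuine public-only test the key container itself has to go: `certutil -user -key` lists the current user's containers (with the matching public-key hash), and `certutil -user -delkey <container name>` deletes one. Run the probe before and after deleting the container; once the container is gone, both acquire calls return false and the property is no longer re-created.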