News  [SoftwareSite

Latest News
Older News
RSS Feed
Complete Projects
Useful Classes
Top Downloads
Message Board
Send Comments
Software License Buttons
Forums -> Security Library Forum
by Stephen Peters [stephen at psc dot net dot au]
posted on 2004/09/07

I'm trying to use certificates that are not self generated (e.g. by makecert), and in fact come from a third party.

These certificates return false for SupportsDataEncryption & SupportsDigitalSignature, despite claiming to support all application policies when viewed in the certmgr MMC tool.

If I generate certificates using makecert with the appropriate flag, they work fine. Both the Mentalis library and the MS WSE1 X509Certificate report the same property values (false).

The certificate provider swears blind that these certificates do support both options. However they provide an unmanaged dll with a proprietary store which I am not keen to use (would prefer to stick with the windows crypto store to ease deployment and interoperability issues).

I checked GetIntendedKeyUsage() but am not sure on the best usage of this method. Are the 2 properties above derived from/consistent with the return code from GetIntendedKeyUsage()?

Thanks in advance

by Stephen Peters [stephen at psc dot net dot au]
posted on 2004/09/07

Well I just checked the source code and I can see that GetIntendedKeyUsage() and the SupportsDataEncryption & DigitalSignatures properties are the same thing, so I have answered that part myself.

by Stephen Peters [stephen at psc dot net dot au]
posted on 2004/09/07

Well, upon even more investigation I discovered that the certificate provider is only setting the Key Encipherment bit (0x20), when the Mentalis and WSE frameworks expect the Data Encipherment (0x10) bit set for SupportsDataEncryption. Go figure...

Anyway, I guess I answered both my own questions.


Copyright © 2002-2007, The Team. All rights reserved.
This site is located at
Send comments to the webmaster.