C++ 如何在存储中添加证书?_C++_Winapi_Certificate_Cryptoapi_Wincrypt - Fatal编程技术网

C++ 如何在存储中添加证书?


我正在尝试将证书添加到证书存储,但我在这方面是新手。我一直在查找如何在不从存储中查找证书上下文的情况下把证书安装到存储(存储中还没有证书)。我找到的所有方法都已用在下面的代码中。但它似乎不起作用:即使出现了“证书已安装”的消息,我也无法在存储中找到该证书

// Excerpt from the question: acquires a named key container, exports its
// public key, reads the certificate attached to the key, and opens a
// certificate store. The listing is cut off by the page right after the store
// is opened, so the `if` opened on the KP_CERTIFICATE query is never closed
// here. szFileName, Cert, pDesiredCert, hCertStore, MY_ENCODING_TYPE,
// HandleError and WriteBlobToFile are declared outside the excerpt.
static HCRYPTPROV hProv = 0;              // provider handle, set by CryptAcquireContext
static HCRYPTKEY hKey = 0;                // key handle, set by CryptGetUserKey
static unsigned char *pbKeyBlob = nullptr; // exported public-key blob (malloc'd below)
static unsigned int cbKeyBlob;             // size of pbKeyBlob in bytes
static unsigned int cbCertBlob;            // size of pbCertBlob in bytes
static unsigned char *pbCertBlob = nullptr; // encoded certificate read from the key (malloc'd below)
LPCSTR szCont = "myCont";                  // name of the key container to open

    // Open the existing container szCont (flags = 0, so nothing is created).
    // NOTE(review): PROV_GOST_2012_256 presumably comes from a third-party CSP
    // header rather than the stock Windows SDK; confirm which provider is installed.
    if(CryptAcquireContext(&hProv, szCont, nullptr, PROV_GOST_2012_256, 0))
    {
        // qDebug's stream operator prints the literal "%s"; szCont is appended after it.
        qDebug() << "The key container \"%s\" has been acquired.\n" << szCont;
    }
    else
    {
        // NOTE(review): HandleError is not shown. If it returns instead of
        // terminating, every step below runs with an invalid handle or buffer.
        HandleError("Error during CryptAcquireContext.");
    }

    // Fetch the container's key-exchange key pair.
    if(CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey))
    {
        qDebug() << "The public key has been acquired. \n";
    }
    else
    {
        HandleError("Error during CryptGetUserKey public key.");
    }

    // First call with a null buffer only reports the required blob size in cbKeyBlob.
    if(CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, nullptr, &cbKeyBlob))
    {
        qDebug() << "Size of the BLOB for the public key determined. \n";
    }
    else
    {
        HandleError("Error computing BLOB length.");
    }

    pbKeyBlob = static_cast<unsigned char*>(malloc(cbKeyBlob));
    if(!pbKeyBlob)
    {
        HandleError("Out of memory. \n");
    }

    // Second call writes the public-key blob into the buffer just allocated.
    if(CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, pbKeyBlob, &cbKeyBlob))
    {
        qDebug() << "Contents have been written to the BLOB. \n";
    }
    else
    {
        HandleError("Error during CryptExportKey.");
    }
    
    // Same two-call pattern for the certificate stored with the key: query the
    // size first. No else branch for a failed query is visible in this excerpt.
    if(CryptGetKeyParam(hKey, KP_CERTIFICATE, nullptr, &cbCertBlob, 0))
    {
        pbCertBlob = static_cast<unsigned char*>(malloc(cbCertBlob));
        if(!pbCertBlob)
        {
            HandleError("Out of memory. \n");
        }

        // +5 = four characters of ".cer" plus the terminating NUL, which is
        // exactly what the strcpy/strcat pair below writes.
        szFileName = static_cast<char*>(malloc((strlen(szCont) + 5) * sizeof(char)));
        if(!szFileName)
        {
            HandleError("Out of memory. \n");
        }

        if(CryptGetKeyParam(hKey, KP_CERTIFICATE, pbCertBlob, &cbCertBlob, 0))
        {
            qDebug() << "Got certificate from container.\n";
        }
        else
        {
            HandleError("Error during CryptGetKeyParam.");
        }

        strcpy(szFileName, szCont);
        strcat(szFileName, ".cer");
        // NOTE(review): the call passes `Cert`, not the szFileName built just
        // above; Cert is not declared in the excerpt, so confirm what it refers to.
        WriteBlobToFile(Cert, pbCertBlob, cbCertBlob);

        // NOTE(review): the returned context is not checked for null in the visible lines.
        pDesiredCert = CertCreateCertificateContext(MY_ENCODING_TYPE, pbCertBlob, cbCertBlob);
    
        // Opens the store named "mRoot" (presumably a machine-scope root store
        // under the CSP's naming; confirm). The excerpt ends here: no call that
        // adds pDesiredCert to hCertStore is visible, and the handle is not
        // checked. A certificate placed in a root store becomes a trust anchor,
        // so verify its fingerprint against a trusted source before adding it.
        hCertStore = CertOpenSystemStore(0, "mRoot");
静态HCRYPTPROV hProv=0;
静态HCRYPTKEY hKey=0;
静态无符号字符*pbKeyBlob=nullptr;
静态无符号int-cbKeyBlob;
静态无符号int-cbCertBlob;
静态无符号字符*pbCertBlob=nullptr;
LPCSTR szCont=“myCont”;
if(密码获取上下文(&hProv、szCont、nullptr、PROV_GOST_2012_256,0))
{

最好使用专用工具(例如下面用到的 makecert.exe)创建证书。之后,您可以根据需要将其添加到证书存储中。
编辑

makecert.exe -$ individual -n "CN=Test Signing Cert" -r C:\Users\public_v2.crt
然后

#pragma注释(lib,“crypt32.lib”)
#包括
#包括
#包括
#定义MY_ENCODING_类型(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
无效MyHandleError(常量字符*s);
int main()
{
//用法:CertExtract certpath
char keyFile[]=“C:\\Users\\public\u v2.crt”;
字节lp[65536];
安全(a);
处理档案;
双字字节;
HCERTSTORE-hFileStore;
PCCERT_上下文certContext;
HCERTSTORE hsystore;
sa.nLength=sizeof(sa);
sa.lpSecurityDescriptor=NULL;
sa.bInheritHandle=FALSE;
hKeyFile=CreateFile(键文件、通用读取、文件共享读取和sa、打开现有、文件属性正常、空);
如果(hKeyFile){
if(ReadFile(hKeyFile,lp,GetFileSize(hKeyFile,NULL),&bytes,NULL)&&bytes>0){
certContext=CertCreateCertificateContext(X509\u ASN\u编码,lp,字节);
如果(证书上下文){
printf(“耶!”);
/*如果(hFileStore=CertOpenStore(
证书存储文件名,
我的编码类型,
无效的
0,
L“testStor.sto”))
{
printf(“文件存储已打开。继续。\n”);
}
其他的
{
MyHandleError(“文件存储未打开”);
}*/
if(hssystemstore=CertOpenSystemStore(
0,
“CA”))
{
printf(“CA系统存储已打开。继续。\n”);
}
其他的
{
MyHandleError(“第一个系统存储未打开”);
}
如果(CertAddEncodeCertificateToStore(
系统商店,
我的编码类型,
certContext->pbCertEncoded,
certContext->cbCertEncoded,
证书存储添加新的,
&(上下文)
{
printf(“文件存储中添加了另一个证书。\n”);
}
其他的
{
MyHandleError(“新证书未添加到”
"档案室";;
}
/*if(CertSaveStore)(
hFileStore,
我的编码类型,
证书存储保存为PKCS7,
证书存储保存到文件名,
(无效*)L“testStor.sto”,
0))
{
printf(“另一个证书保存到文件存储。\n”);
}
其他的
{
MyHandleError(“新证书未添加到”
"档案室";;
}*/
//-------------------------------------------------------------------
//释放内存。
CertCloseStore(hSystemStore,0);
//CertCloseStore(hFileStore,0);
printf(“程序运行到最后没有错误。\n”);
CertFreeCertificateContext(certContext);
}
否则{
printf(“无法将证书转换为内部格式\n”);
}
}
否则{
printf(“读取密钥文件失败:%s\n”,密钥文件);
}
}
否则{
printf(“无法打开密钥文件:%s\n”,密钥文件);
}
CloseHandle(hKeyFile);
返回0;
}
//-------------------------------------------------------------------
//此示例使用函数MyHandleError,这是一个简单的错误
//处理功能,将错误消息打印到标准
//错误(stderr)文件并退出程序。
//对于大多数应用程序,将此功能替换为一个
//这会产生更广泛的错误报告。
无效MyHandleError(常量字符*s)
{
fprintf(stderr,“运行程序时出错。\n”);
fprintf(标准字符,“%s\n”,s);
fprintf(stderr,“错误号%x.\n”,GetLastError());
fprintf(stderr,“程序终止。\n”);
出口(1);
}//MyHandleError的结尾

谢谢你的回复。我已经看过你发布的链接,但它似乎不适合我的情况。我的存储中没有证书,那么如何用
CertEnumCertificatesInStore
找到任何上下文?其次,我已经有了从容器中获得的 .cer 文件,因此不需要再创建它。

我已经成功地把
public_v2.crt
证书添加到了系统存储和文件存储,您可以参考我更新后的答案。

谢谢您的回答,但它不符合我的需要。我已经有
.cer
文件,不能使用任何其他文件扩展名(如果这有影响的话);此外,我的代码不会在 Windows 上运行,它面向 Sailfish 操作系统,所以我没有
CreateFile
ReadFile
函数。在这个链接中,我已经看到过与您的示例类似的代码,但它不适用。但也许您可以
makecert.exe -$ individual -n "CN=Test Signing Cert" -r C:\Users\public_v2.crt
#pragma comment(lib, "crypt32.lib")

#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(const char* s);

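// Reads an encoded certificate from a fixed path and adds it to the "CA"
// system store opened with CertOpenSystemStore.
//
// Returns 0 when the certificate was added, 1 when the file could not be
// opened, read or parsed. Failures of the store calls go through
// MyHandleError, which prints the error and exits the process.
//
// Adding a certificate to a system store changes what this account trusts:
// confirm the file's origin (for example by comparing its thumbprint with a
// value obtained out of band) before running this against a real store.
// A file-backed store can be used instead of the system store via
// CertOpenStore(CERT_STORE_PROV_FILENAME, ...) and CertSaveStore(...).
int main(void)
{
    // The certificate path is hard-coded; no command-line argument is read.
    char keyFile[] = "C:\\Users\\public_v2.crt";
    BYTE lp[65536];

    HANDLE hKeyFile = INVALID_HANDLE_VALUE;
    HCERTSTORE hSystemStore = NULL;
    PCCERT_CONTEXT certContext = NULL;   // context parsed from the file
    PCCERT_CONTEXT storedContext = NULL; // context owned by the store after the add
    LARGE_INTEGER fileSize;
    DWORD bytes = 0;
    int rc = 1;

    // Explicit ANSI entry point: keyFile is a char array, so the call must not
    // silently become CreateFileW in a UNICODE build.
    hKeyFile = CreateFileA(keyFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

    // CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
    if (hKeyFile == INVALID_HANDLE_VALUE) {
        printf("Failed to open key file: %s\n", keyFile);
        return rc;
    }

    // Never read more than the buffer holds: the file size is attacker- or
    // operator-controlled, the 64 KiB stack buffer is not.
    if (!GetFileSizeEx(hKeyFile, &fileSize) ||
        fileSize.QuadPart <= 0 ||
        fileSize.QuadPart > (LONGLONG)sizeof lp ||
        !ReadFile(hKeyFile, lp, (DWORD)fileSize.QuadPart, &bytes, NULL) ||
        bytes == 0) {
        printf("Failed to read key file: %s\n", keyFile);
        goto out_close_file;
    }

    certContext = CertCreateCertificateContext(X509_ASN_ENCODING, lp, bytes);
    if (!certContext) {
        printf("Could not convert certificate to internal form\n");
        goto out_close_file;
    }

    printf("yay!");

    hSystemStore = CertOpenSystemStoreA(0, "CA");
    if (!hSystemStore) {
        MyHandleError("The first system store did not open.");
    }
    printf("The CA system store is open. Continue.\n");

    // CERT_STORE_ADD_NEW fails when a matching certificate already exists.
    // The store's copy is returned in a separate variable so the context
    // created from the file is not overwritten and leaked.
    if (!CertAddEncodedCertificateToStore(
            hSystemStore,
            MY_ENCODING_TYPE,
            certContext->pbCertEncoded,
            certContext->cbCertEncoded,
            CERT_STORE_ADD_NEW,
            &storedContext)) {
        MyHandleError("The new certificate was not added to the "
            "CA system store.");
    }
    printf("Another certificate is added to the CA system store.\n");

    //-------------------------------------------------------------------
    // Free memory.

    CertFreeCertificateContext(storedContext);
    CertCloseStore(hSystemStore, 0);
    printf("The program ran without error to the end.\n");

    CertFreeCertificateContext(certContext);
    rc = 0;

out_close_file:
    CloseHandle(hKeyFile);

    return rc;
}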

//-------------------------------------------------------------------
//  This example uses the function MyHandleError, a simple error
//  handling function, to print an error message to the standard  
//  error (stderr) file and exit the program. 
//  For most applications, replace this function with one 
//  that does more extensive error reporting.

void MyHandleError(const char* s)
{
    fprintf(stderr, "An error occurred in running the program. \n");
    fprintf(stderr, "%s\n", s);
    fprintf(stderr, "Error number %x.\n", GetLastError());
    fprintf(stderr, "Program terminating. \n");
    exit(1);
} // End of MyHandleError