System Requirements:
- Windows Server 2008, R2
- Windows Vista
- Windows 7
- Windows 8, 8.1
- IIS 7.0, 7.5, 8.0
- ASP 3.0 (Classic)
- CAPICOM 2.1.0.2
The Problem:
Ah, encryption, that most noble of things: the one thing that is sure to drive every developer close to the brink on the odd occasion. It is the one time where clear, concise API documentation should be considered mandatory – and the one place where it seems to be an obligation not to provide it. Be it Microsoft, Java, BouncyCastle or PHP, it would seem they are all blighted with the same issue.
Attempting to use a legacy API on an unsupported platform should seem like an exercise in masochism; however, you know how much I like to avoid using .NET whenever I can.
If you attempt to do this
or this
you will get back
If you send in a .cer file instead of a .pfx, it works without error but doesn’t allow you to access the Private Key.
More Info
Taking the two code samples in order
Should you be getting a 0x80070056 error, your password is wrong. If the file doesn’t have a password, only send parameter 1 (which is about to cause you a problem). To resolve the 0x80090020 error while using a CAPICOM_MEMORY_STORE, you need to stop CAPICOM from attempting to insert the certificate as a resource for a user. If the IIS worker process that you are using doesn’t connect to a user account and has no permissions, the default parameter
or 0 will throw 0x80090020. To change the scope, ensure that you use the fourth parameter and set the value to
. To resolve the second issue, modify the original code to make use of the now fixed certificate.load() call and import it via the long route.
If you receive 0x80070005, you are either getting an Access Denied error to the MEMORY_STORE or you are attempting to import a certificate into the instantiated store which already exists. Similarly, if you receive 0x80070056, your password is wrong.
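The fix described above, sketched as an added Classic ASP example (not the original post's code, which did not survive on this page). It assumes the value missing from the text is `CAPICOM_LOCAL_MACHINE_KEY` (1) from the CAPICOM type library; the file path, password placeholder and store name are constructed for illustration.

```vbscript
<%
Option Explicit
' Added example. Constant values are taken from the CAPICOM type library.
Const CAPICOM_MEMORY_STORE = 0
Const CAPICOM_STORE_OPEN_READ_WRITE = 1
Const CAPICOM_KEY_STORAGE_DEFAULT = 0
Const CAPICOM_LOCAL_MACHINE_KEY = 1   ' assumption: the value the text above leaves out

' Map the HRESULTs discussed in the article to their stated causes.
Function Explain(n)
    Select Case n
        Case &H80070056 : Explain = "wrong PFX password"
        Case &H80090020 : Explain = "key location not usable by this worker process"
        Case &H80070005 : Explain = "access denied, or certificate already in the store"
        Case Else       : Explain = "unexpected error 0x" & Hex(n)
    End Select
End Function

Dim cert, store, pfxPath, pfxPassword
pfxPath = "C:\certs\example.pfx"   ' constructed path, kept outside the web root
pfxPassword = "<PFX-PASSWORD>"     ' placeholder; do not hard-code a real password

Set cert = Server.CreateObject("CAPICOM.Certificate")
Set store = Server.CreateObject("CAPICOM.Store")

On Error Resume Next
' Pass the fourth parameter (KeyLocation) explicitly so the private key is
' not imported into a user profile the worker process does not have.
cert.Load pfxPath, pfxPassword, CAPICOM_KEY_STORAGE_DEFAULT, CAPICOM_LOCAL_MACHINE_KEY
If Err.Number = 0 Then
    ' "The long route": open an in-memory store, then add the loaded certificate.
    store.Open CAPICOM_MEMORY_STORE, "ExampleMemoryStore", CAPICOM_STORE_OPEN_READ_WRITE
End If
If Err.Number = 0 Then store.Add cert
If Err.Number <> 0 Then
    Response.Write Server.HTMLEncode(Explain(Err.Number))
    Response.End
End If
On Error GoTo 0

' A .cer file loads without error but carries no private key.
If cert.HasPrivateKey() Then
    Response.Write "Loaded " & Server.HTMLEncode(cert.SubjectName) & " with private key"
Else
    Response.Write "Loaded without a private key (was a .cer supplied?)"
End If
%>
```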