[openssl-users] How do I verify the pin of USBKEY?

[Redmond@139.]

hello

  it's not relative to the OPENSSL diretly,however I have no idea totally except to send email to you.please help me,although I'm not familiar with CryptoAPI 
program,however with Google,I have written the following code, I have 
two questions on CSP program,I'm using Win7 & Visual Studio 2008


#1 how do I verify the pin of USBKEY hardware via CryptoAPI?





#include "stdafx.h"
#include <windows.h>
#include <wincrypt.h>
#include "iostream"
#pragma comment(lib,"crypt32.lib")

using namespace std

int _tmain(int argc, _TCHAR* argv[])
{
    
    PCCERT_CONTEXT m_pCertContext
    HCERTSTORE m_hStore
    m_pCertContext = NULL
    m_hStore = NULL


    if(m_pCertContext == NULL)
    {
        string strOName("Organization ClassA CA")
        TCHAR* lpszStoreName =_T("MY")
         HCERTSTORE m_hStore = CertOpenSystemStore(NULL, lpszStoreName)

        if (m_hStore) 
        {    
            CERT_RDN certRDN
            certRDN.cRDNAttr = 1
            certRDN.rgRDNAttr = new CERT_RDN_ATTR
            certRDN.rgRDNAttr->pszObjId = szOID_ORGANIZATIONAL_UNIT_NAME
            certRDN.rgRDNAttr->dwValueType = CERT_RDN_ANY_TYPE
            certRDN.rgRDNAttr->Value.pbData = (BYTE *) strOName.c_str()
            certRDN.rgRDNAttr->Value.cbData = strlen(strOName.c_str())
            PCCERT_CONTEXT pCurrent = NULL
            pCurrent = CertFindCertificateInStore(    m_hStore, 
                                                    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 
                                                    0, 
                                                    CERT_FIND_ISSUER_ATTR, 
                                                    &certRDN, 
                                                    NULL)
            while(pCurrent != NULL)
            {
                BOOL bRet = FALSE
                byte bUsage

             
                bRet = CertGetIntendedKeyUsage(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, pCurrent->pCertInfo, &bUsage, 1)
               if(bRet)
               {
              //check cert contains private key
                if((bUsage & CERT_DIGITAL_SIGNATURE_KEY_USAGE) && (bUsage & CERT_NON_REPUDIATION_KEY_USAGE))
                {
         
                    bRet = CryptFindCertificateKeyProvInfo(pCurrent,0,NULL)

                }
                if(bRet)
                {
                    m_pCertContext = pCurrent
                    pCurrent = NULL

                    //the code of pin verification should be here,but I can't figure out what I should written.



                    break
                }

                pCurrent = CertFindCertificateInStore(    m_hStore, 
                                                    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 
                                                    0, 
                                                    CERT_FIND_ISSUER_ATTR, 
                                                    &certRDN, 
                                                    pCurrent)
            }
            

            delete certRDN.rgRDNAttr        
        }

    //if there's no cert that I want to be found,release the resource 
        if(m_pCertContext == NULL)
        {
            if (m_pCertContext) {
        CertFreeCertificateContext(m_pCertContext)
        m_pCertContext = NULL
            }
    if (m_hStore) {
        CertCloseStore(m_hStore, CERT_CLOSE_STORE_FORCE_FLAG)
        m_hStore = NULL
    }
        }
        }

  
    }
        return 0
}

#2 How do I get the message in below via CryptoAPI?

this is  a XML file,I have to read the data though CryptoAPI and paste them to a XML,I just don't know how to get it


<DigestValue>uBQI2f/2CMbtPbVLni0jL+J1psE=</DigestValue>

<SignatureValue>PVfM1YCAU701rshiHuALV6LiLuQKQTPidejsUKyMu4ys3dQhO1a36mAZrjnEN0ZIYcRn7VFTWsjDr8imCGjE09GHnsJY0QtqByjUxBpIaxu95MBiqNy4geFy/PKVFQ19yAtKwNd1jXkvjpN7e4eQ0JhUyfc9rA69KIXonvsF2hE=</SignatureValue>

<X509IssuerName>CN=NETCA Individual ClassA CA, OU=Individual ClassA CA, O=NETCA Certificate Authority, C=CA</X509IssuerName><X509SerialNumber>81795886028495042323800393625097362204</X509SerialNumber></X509IssuerSerial><X509Certificate>MIIEBjCCAu6gAwIBAgIQPYlQiyH4Ks50d1Pg0NZbHDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJDTjEkMCIGA1UEChMbTkVUQ0EgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR0wGwYDVQQLExRJbmRpdmlkdWFsIENsYXNzQSBDQTEjMCEGA1UEAxMaTkVUQ0EgSW5kaXZpZHVhbCBDbGFzc0EgQ0EwHhcNMTIwNDE4MTYwMDAwWhcNMTMwNDE5MTU1OTU5WjBzMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMQ0wCwYDVQQHHgRef13eMSUwIwYDVQQDHhxOKk66bUuL1QAyADAAMQAxADAANAAyADIAMAAxMRowGAYJKoZIhvcNAQkBFgt6c0BjbmNhLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1DO/NjAy1++niPTgcVcR3WwQ5z0uiq0qkg/g1mwhXDWZ7V5cAtrGsQVl82SYXBIxaVMPEXPI2ess8rYY7w7KJD/WFMpdRHmK57ZkDsqJbh55D0ylMBPovwJwfmJ6mJwu9+9oU13zlKKetL3eVAIomp3i37YVPWWpRbWTU2GcnG0CAwEAAaOCARQwggEQMB8GA1UdIwQYMBaAFLFHZEQZX2XMQLsGS+l5BOAe7LVOMB0GA1UdDgQWBBShjFOEYwPh3wcsixILjbcCat+4XjBXBgNVHSAEUDBOMEwGCisGAQQBgZJIAQowPjA8BggrBgEFBQcCARYwaHR0cDovL3d3dy5jbmNhLm5ldC9jcy9rbm93bGVkZ2Uvd2hpdGVwYXBlci9jcHMvMBYGA1UdEQQPMA2BC3pzQGNuY2EubmV0MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jbGFzc2FjYTEuY25jYS5uZXQvY3JsL0luZGl2aWR1YWxDQS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAAdTQ0s+EYNLchwSoAb5MvGGFWh24XuQGLJLJ+81F3ww11Ah31GSRqJVoXzhozH9GPym0M77LjUiasWCN47tOuhTN3aVGZfGq2daMq2+j+p6LOya/mbq7w3SdhGa1vTrTjkxXNCRnFHDsLR1ujv40WrQM7HfBJ9TOckDSzGbDXSog14mbGTWJaP+FwDb/4YEH7W4Wy2vcPG5/gbWYWwujvSTDBtK9QXhM48Car2oExnmYAbxiu81z4CPPB0LB/GyxtzsYbB4YItFWTY4E8jcQb+VDRbYruX5k1ndk4zLAu45bqrhInAknr9tlMu01VofDNexz0xqmScEkWqdtLhMDow=</X509Certificate></



any idea?

thanks

Regards

Ken





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160201/ee31a590/attachment-0001.html>