Using OpenSSL with Windows cert store
pwfran98 at wp.pl
Sun Apr 23 19:59:17 UTC 2023
I am quite new to OpenSSL on Windows and I did some research on the
solve my problem, but available knowledge seems to be limited.
I need to develop a TLS 1.2 application using OpenSSL 1.0.2 (FIPS
on Windows platform. I have a requirement that it should get certificates,
CRLs from Windows cert store, and it should use TLS 1.2 EC-based suites.
I have some knowledge about crypto, TLS and OpenSSL but Windows
integration is quite new for me.
Correct me if I am wrong, but as far as I know there are, at least in
theory, 2 ways
of doing this:
1) Get required cert/keys from Windows store using Windows API (Crypto
API or CNG?)
and load it to OpenSSL. I generated self signed certs/keys and imported
them into Windows MY store.
Getting certificates from there programmatically using WinAPI is quite
easy and works (CertFindCertificateInStore, etc.),
but is it possible to retrieve also corresponding private keys?
I see functions like CryptExportPKCS8Ex, but it seems they are marked as
Is there any working example of retrieving specific key using it?
Or perhaps it would be easier to use CNG API to do it?
2) Using OpenSSL directly with CryptoAPI engine (capi).
Setting capi engine I was able to sign and verify signatures using RSA
but it seems that CryptoAPI (and capi engine using it) does not support EC.
I realize that part of these questions are more Windows-related, but I
problem of using OpenSSL for modern TLS communication using Windows
store should be
known and well researched, but relevant information on the net is sparse.
Thanks a lot in advance for any help.