<div dir="ltr"><div>Hi Richard,</div><div><br></div><div>Glad you like it. The cert: scheme is a little inconvenient and I do not know how extensively it is used in practice. But it seemed appropriate to leverage it since it was around already and seemed to fit the bill.</div><div><br></div><div>Microsoft's documentation is not too extensive, but for anybody interested, here is a starting point:</div><div><a href="https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/about/about_certificate_provider?view=powershell-7.1">https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/about/about_certificate_provider?view=powershell-7.1</a></div><div><br></div><div>Best regards,</div><div>Reinier</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 2, 2021 at 9:03 AM Richard Levitte <<a href="mailto:levitte@openssl.org" target="_blank">levitte@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">This is cool!<br>
<br>
I had some kind of skeleton of a start to make something similar, but<br>
time was never on my side. I'm really glad to see this got picked up!<br>
<br>
This also answered a question I never got the answer for, what scheme<br>
to use for the STORE. I know next to nothing about PowerShell, so<br>
hadn't discovered the 'cert:' "scheme". That answers quite a lot :-)<br>
<br>
Time for me to throw away my skeleton then ;-)<br>
<br>
Cheers,<br>
Richard<br>
<br>
On Thu, 01 Jul 2021 19:49:00 +0200,<br>
Reinier Torenbeek wrote:<br>
> <br>
> Hi,<br>
> <br>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may want to check out this<br>
> new OpenSSL CNG Engine project on GitHub: <a href="https://github.com/rticommunity/openssl-cng-engine" rel="noreferrer" target="_blank">https://github.com/rticommunity/openssl-cng-engine</a> . The<br>
> associated User's Manual is on ReadTheDocs: <br>
> <a href="https://openssl-cng-engine.readthedocs.io/en/latest/index.html" rel="noreferrer" target="_blank">https://openssl-cng-engine.readthedocs.io/en/latest/index.html</a> .<br>
> <br>
> The project implements the majority of the EVP interface, to leverage the BCrypt crypto<br>
> implementations, as well as a subset of the STORE interface, for integration with the<br>
> Windows Certificate and Keystore(s), via the NCrypt and Cert APIs. It has been tested with 1.1.1k<br>
> on Windows 10, with Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.<br>
> <br>
> Any feedback is welcome, please send it to me or open an issue on GitHub.<br>
> <br>
> Best regards,<br>
> Reinier<br>
> <br>
> <br>
-- <br>
Richard Levitte <a href="mailto:levitte@openssl.org" target="_blank">levitte@openssl.org</a><br>
OpenSSL Project <a href="http://www.openssl.org/~levitte/" rel="noreferrer" target="_blank">http://www.openssl.org/~levitte/</a><br>
</blockquote></div></div>