Reading a Key from a Keyset
Type      User ID Handling

          You can also specify an LDAP URL as the key ID as
          described in “LDAP Keysets” on page 136.

PGP       The key ID is a name with an optional email address which is
          usually given inside angle brackets. Since PGP keys usually
          combine the key owner’s name and email address into a single
          value, it’s possible to match an email address using
          CRYPT_KEYID_NAME, and vice versa.

          The key ID is matched as a substring of any of the names and
          email addresses attached to the key, with the match being
          performed in a case-insensitive manner. This is the same as
          the matching performed by PGP.

          Note that, like PGP, this will return the first key in the keyset
          for which the name or email address matches the given key
          ID. This may result in unexpected matches if the key ID that
          you’re using is a substring of a number of names or email
          addresses that are present in the key ring. Since email
          addresses are more likely to be unique than names, it’s a good
          idea to specify the email address to guarantee a correct match.
Assuming that you wanted to read Noki Crow’s public key from a keyset, you would
use:
CRYPT_HANDLE publicKey;
/* Look the key up by name; cryptlib creates the public-key context in publicKey */
cryptGetPublicKey( cryptKeyset, &publicKey, CRYPT_KEYID_NAME,
"Noki S.Crow" );
In Java or C# this is:
int publicKey = crypt.GetPublicKey( cryptKeyset, crypt.KEYID_NAME,
"Noki S.Crow" );
In Visual Basic the operation is:
Dim publicKey As Long
cryptGetPublicKey cryptKeyset, publicKey, CRYPT_KEYID_NAME, _
"Noki S.Crow"
Note that the CRYPT_HANDLE is passed to cryptGetPublicKey by reference, as
the function modifies it when it creates the public key context. Reading a key from a
crypto device works in an identical fashion:
CRYPT_HANDLE publicKey;
/* Same call, but the source is an open device session rather than a keyset */
cryptGetPublicKey( cryptDevice, &publicKey, CRYPT_KEYID_NAME,
"Noki S.Crow" );
The only real difference is that any encryption performed with the key is handled via
the crypto device, although cryptlib hides all of the details so that the key looks and
functions just like any other encryption context.
You can use cryptGetPublicKey not only on straight public-key keysets but also on
private key keysets, in which case it will return the public portion of the private key
or the certificate associated with the key.
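As an added illustration (not code from the cryptlib manual or from the cryptlib library itself), the following C program models the PGP-style user ID matching rule described in the table above on a constructed key ring: the key ID is tested as a case-insensitive substring of each name and each email address attached to a key, and the first key in ring order that matches is returned. The key ring contents, the example.com addresses, and the function names findFirstKey and countMatchingKeys are all assumptions made for this example. It shows why a short name fragment such as "crow" is ambiguous, while a full email address identifies the key uniquely.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a PGP key ring (not cryptlib's own data structures).
   Each key carries one or more user IDs of the PGP form "Name <email>". */
#define MAX_UIDS 2
typedef struct {
    const char *label;               /* only used for reporting */
    const char *userIDs[MAX_UIDS];   /* NULL-padded when fewer than MAX_UIDS */
    int userIDCount;
} PgpKey;

/* Constructed sample data: three keys whose names all contain "crow" */
static const PgpKey keyRing[] = {
    { "key-A", { "Noki Crowley <noki.crowley@example.com>", NULL }, 1 },
    { "key-B", { "Noki S.Crow <noki@example.com>", "Noki Crow <crow@example.org>" }, 2 },
    { "key-C", { "Scrow Jones <sjones@example.net>", NULL }, 1 },
};
#define KEYRING_SIZE (sizeof(keyRing) / sizeof(keyRing[0]))

/* Case-insensitive substring test: 1 if needle occurs anywhere in hay */
static int containsNoCase(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay != '\0'; hay++) {
        size_t i = 0;
        while (i < n && hay[i] != '\0' &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Split "Name <email>" and test the key ID against each part separately,
   mirroring the rule that a CRYPT_KEYID_NAME lookup can match the email
   address and vice versa. A key ID spanning the name/email boundary does
   not match; an empty key ID matches nothing. */
static int matchUserID(const char *userID, const char *keyID)
{
    char name[128], email[128];
    const char *lt = strchr(userID, '<');
    const char *gt = (lt != NULL) ? strchr(lt, '>') : NULL;
    size_t nameLen = (lt != NULL) ? (size_t)(lt - userID) : strlen(userID);
    size_t emailLen = (lt != NULL && gt != NULL) ? (size_t)(gt - lt - 1) : 0;

    if (*keyID == '\0' || nameLen >= sizeof(name) || emailLen >= sizeof(email))
        return 0;
    memcpy(name, userID, nameLen);
    name[nameLen] = '\0';
    memcpy(email, (lt != NULL) ? lt + 1 : "", emailLen);
    email[emailLen] = '\0';
    return containsNoCase(name, keyID) ||
           (emailLen > 0 && containsNoCase(email, keyID));
}

/* First-match semantics from the manual: index of the first key in ring
   order with any matching user ID, or -1 if nothing matches */
int findFirstKey(const char *keyID)
{
    size_t k;
    for (k = 0; k < KEYRING_SIZE; k++) {
        int u;
        for (u = 0; u < keyRing[k].userIDCount; u++)
            if (matchUserID(keyRing[k].userIDs[u], keyID))
                return (int)k;
    }
    return -1;
}

/* Number of distinct keys the ID matches: more than 1 means the lookup is
   ambiguous and the first-match rule may silently pick the wrong key */
int countMatchingKeys(const char *keyID)
{
    size_t k;
    int count = 0;
    for (k = 0; k < KEYRING_SIZE; k++) {
        int u;
        for (u = 0; u < keyRing[k].userIDCount; u++)
            if (matchUserID(keyRing[k].userIDs[u], keyID)) { count++; break; }
    }
    return count;
}

int main(void)
{
    const char *ids[] = { "crow", "Noki S.Crow", "noki@example.com" };
    size_t i;
    for (i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        int first = findFirstKey(ids[i]);
        printf("key ID \"%s\": %d matching key(s), first match = %s\n", ids[i],
               countMatchingKeys(ids[i]), first >= 0 ? keyRing[first].label : "(none)");
    }
    return 0;
}
```

Running it shows "crow" matching all three keys (and returning key-A, not Noki Crow's key), while "noki@example.com" matches only key-B. A practical check before trusting a name-based lookup is to confirm that the ID is unique in the keyset, or to use the email address as the manual recommends.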
The other function which is used to obtain a key is cryptGetPrivateKey, which
differs from cryptGetPublicKey in that it expects a password alongside the user ID
if the key is being read from a keyset. This is required because private keys are
usually stored encrypted and the function needs a password to decrypt the key. If the
key is held in a crypto device (which requires a PIN or password when you open a
session with it, but not when you read a key), you can pass in a null pointer in place
of the password. For example, if Noki Crow’s email address was [email protected]
and you wanted to read their private key, protected by the password “Password”,
from a keyset, you would use: