0

I'm developing a third-party Cryptographic Service Provider (CSP) DLL and want to integrate it with Microsoft Windows. The main goal of this development is to call our cryptographic functions, such as digital signature and signature verification, from Office tools like Word, Excel, etc. I'm facing the following issues.

1) I have developed the CSP DLL, signed it and registered it in the registry. This works fine: we tested it with a test application that loads our CPAcquireContext and other crypto APIs. Here we provide the CSP name "XYZ" in the test application so that the test application correctly identifies our DLL and calls the functions accordingly.

2) Now we want to call our CSP DLL's API from Microsoft Word for the digital signature operation. What settings/configuration need to be done in order to bypass the default Microsoft CSP and call our CSP DLL for digital signatures? Kindly help me in solving this issue.

Thirumal

2 Answers

1

In order to make the certificates stored in your CSP usable by Office and other applications for digital signature operations, you will need to register these certificates in the Windows "MY" certificate store using CertAddEncodedCertificateToStore and then update the CERT_KEY_PROV_INFO_PROP_ID property of the resulting CERT_CONTEXT using CertSetCertificateContextProperty in order to indicate your CSP name and the container where the certificate's key resides.

I have written a small command line program that uses this method to load all certificates stored in a given CSP to the "MY" certificate store. It also offers the possibility to remove certificates from the "MY" certificate store, which is useful when the certificates are no longer needed/available. You can get its source code from https://www.idrix.fr/Root/Samples/LoadCertToStore.cpp.

I hope this will help.

Mounir IDRASSI
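
The two calls named in the answer above, as an added example that is not part of the original answer and is not taken from LoadCertToStore.cpp. It drives crypt32.dll from Python through ctypes. The helper names `key_prov_info` and `bind_cert_to_csp`, the provider type PROV_RSA_FULL, the AT_SIGNATURE key slot and the container name passed by the caller are assumptions; adjust them to what your CSP registers.

```python
import ctypes

# Constants from wincrypt.h
X509_ASN_ENCODING, PKCS_7_ASN_ENCODING = 0x00000001, 0x00010000
CERT_STORE_ADD_REPLACE_EXISTING = 3
CERT_KEY_PROV_INFO_PROP_ID = 2
PROV_RSA_FULL, AT_SIGNATURE = 1, 2  # assumed provider type and key slot

class CRYPT_KEY_PROV_INFO(ctypes.Structure):
    _fields_ = [("pwszContainerName", ctypes.c_wchar_p),
                ("pwszProvName", ctypes.c_wchar_p),
                ("dwProvType", ctypes.c_uint32),
                ("dwFlags", ctypes.c_uint32),
                ("cProvParam", ctypes.c_uint32),
                ("rgProvParam", ctypes.c_void_p),
                ("dwKeySpec", ctypes.c_uint32)]

def key_prov_info(provider, container, prov_type=PROV_RSA_FULL, key_spec=AT_SIGNATURE):
    """Describe where the private key lives: CSP name, key container, key slot."""
    return CRYPT_KEY_PROV_INFO(container, provider, prov_type, 0, 0, None, key_spec)

def bind_cert_to_csp(der, provider, container):
    """Add a DER certificate to the current user's MY store and link it to the CSP key."""
    c32 = ctypes.WinDLL("crypt32", use_last_error=True)  # Windows only
    c32.CertOpenSystemStoreW.restype = ctypes.c_void_p
    c32.CertOpenSystemStoreW.argtypes = [ctypes.c_void_p, ctypes.c_wchar_p]
    c32.CertAddEncodedCertificateToStore.argtypes = [
        ctypes.c_void_p, ctypes.c_uint32, ctypes.c_char_p, ctypes.c_uint32,
        ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p)]
    c32.CertSetCertificateContextProperty.argtypes = [
        ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p]
    c32.CertFreeCertificateContext.argtypes = [ctypes.c_void_p]
    c32.CertCloseStore.argtypes = [ctypes.c_void_p, ctypes.c_uint32]

    store = c32.CertOpenSystemStoreW(None, "MY")
    if not store:
        raise ctypes.WinError(ctypes.get_last_error())
    ctx = ctypes.c_void_p()
    try:
        if not c32.CertAddEncodedCertificateToStore(
                store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, der, len(der),
                CERT_STORE_ADD_REPLACE_EXISTING, ctypes.byref(ctx)):
            raise ctypes.WinError(ctypes.get_last_error())
        info = key_prov_info(provider, container)
        # Without this property the certificate has no usable private key.
        if not c32.CertSetCertificateContextProperty(
                ctx, CERT_KEY_PROV_INFO_PROP_ID, 0, ctypes.byref(info)):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        if ctx.value:
            c32.CertFreeCertificateContext(ctx)
        c32.CertCloseStore(store, 0)
```

Call it on Windows as `bind_cert_to_csp(open("signer.cer", "rb").read(), "XYZ", "MyContainer")`, where the file and container names are placeholders and the file holds the DER-encoded certificate.
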
0

I have the same situation as you.
My CSP works fine with test applications and MS Office 2007, but it does not work with MS Office 2010 and 2013.
This is an MS Office issue:

Office 2010 does not support certain certificates in a Windows 7 or Windows Vista environment. Specifically, these unsupported certificates use private keys that are stored by a third-party cryptographic service provider (CSP). Therefore, an Office 2010 document cannot be signed by using a Cryptographic API (CAPI).

You can download the Office 2010 hotfix package (Mso-x-none) here.

For MS Office 2013, it seems you need Service Pack 1.

Thinh Nguyen Van
  • Hi Thinh, can you help him: https://stackoverflow.com/questions/48090891/implementing-custom-cryptographic-service-provider-csp-entry-point-in-dll-file – Ankur Singh Jan 04 '18 at 07:56