hello it's not relative to the OPENSSL diretly,however I have no idea totally except to send email to you.please help me,although I'm not familiar with CryptoAPI program,however with Google,I have written the following code, I have two questions on CSP program,I'm using Win7 & Visual Studio 2008 #1 how do I verify the pin of USBKEY hardware via CryptoAPI? #include "stdafx.h" #include <windows.h> #include <wincrypt.h> #include "iostream" #pragma comment(lib,"crypt32.lib") using namespace std int _tmain(int argc, _TCHAR* argv[]) { PCCERT_CONTEXT m_pCertContext HCERTSTORE m_hStore m_pCertContext = NULL m_hStore = NULL if(m_pCertContext == NULL) { string strOName("Organization ClassA CA") TCHAR* lpszStoreName =_T("MY") HCERTSTORE m_hStore = CertOpenSystemStore(NULL, lpszStoreName) if (m_hStore) { CERT_RDN certRDN certRDN.cRDNAttr = 1 certRDN.rgRDNAttr = new CERT_RDN_ATTR certRDN.rgRDNAttr->pszObjId = szOID_ORGANIZATIONAL_UNIT_NAME certRDN.rgRDNAttr->dwValueType = CERT_RDN_ANY_TYPE certRDN.rgRDNAttr->Value.pbData = (BYTE *) strOName.c_str() certRDN.rgRDNAttr->Value.cbData = strlen(strOName.c_str()) PCCERT_CONTEXT pCurrent = NULL pCurrent = CertFindCertificateInStore( m_hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_ATTR, &certRDN, NULL) while(pCurrent != NULL) { BOOL bRet = FALSE byte bUsage bRet = CertGetIntendedKeyUsage(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, pCurrent->pCertInfo, &bUsage, 1) if(bRet) { //check cert contains private key if((bUsage & CERT_DIGITAL_SIGNATURE_KEY_USAGE) && (bUsage & CERT_NON_REPUDIATION_KEY_USAGE)) { bRet = CryptFindCertificateKeyProvInfo(pCurrent,0,NULL) } if(bRet) { m_pCertContext = pCurrent pCurrent = NULL //the code of pin verification should be here,but I can't figure out what I should written. break } pCurrent = CertFindCertificateInStore( m_hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_ATTR, &certRDN, pCurrent) } delete certRDN.rgRDNAttr } //if there's no cert that I want to be found,release the resource if(m_pCertContext == NULL) { if (m_pCertContext) { CertFreeCertificateContext(m_pCertContext) m_pCertContext = NULL } if (m_hStore) { CertCloseStore(m_hStore, CERT_CLOSE_STORE_FORCE_FLAG) m_hStore = NULL } } } } return 0 } #2 How do I get the message in below via CryptoAPI? this is a XML file,I have to read the data though CryptoAPI and paste them to a XML,I just don't know how to get it <DigestValue>uBQI2f/2CMbtPbVLni0jL+J1psE=</DigestValue> <SignatureValue>PVfM1YCAU701rshiHuALV6LiLuQKQTPidejsUKyMu4ys3dQhO1a36mAZrjnEN0ZIYcRn7VFTWsjDr8imCGjE09GHnsJY0QtqByjUxBpIaxu95MBiqNy4geFy/PKVFQ19yAtKwNd1jXkvjpN7e4eQ0JhUyfc9rA69KIXonvsF2hE=</SignatureValue> <X509IssuerName>CN=NETCA Individual ClassA CA, OU=Individual ClassA CA, O=NETCA Certificate Authority, C=CA</X509IssuerName><X509SerialNumber>81795886028495042323800393625097362204</X509SerialNumber></X509IssuerSerial><X509Certificate>MIIEBjCCAu6gAwIBAgIQPYlQiyH4Ks50d1Pg0NZbHDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJDTjEkMCIGA1UEChMbTkVUQ0EgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR0wGwYDVQQLExRJbmRpdmlkdWFsIENsYXNzQSBDQTEjMCEGA1UEAxMaTkVUQ0EgSW5kaXZpZHVhbCBDbGFzc0EgQ0EwHhcNMTIwNDE4MTYwMDAwWhcNMTMwNDE5MTU1OTU5WjBzMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMQ0wCwYDVQQHHgRef13eMSUwIwYDVQQDHhxOKk66bUuL1QAyADAAMQAxADAANAAyADIAMAAxMRowGAYJKoZIhvcNAQkBFgt6c0BjbmNhLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1DO/NjAy1++niPTgcVcR3WwQ5z0uiq0qkg/g1mwhXDWZ7V5cAtrGsQVl82SYXBIxaVMPEXPI2ess8rYY7w7KJD/WFMpdRHmK57ZkDsqJbh55D0ylMBPovwJwfmJ6mJwu9+9oU13zlKKetL3eVAIomp3i37YVPWWpRbWTU2GcnG0CAwEAAaOCARQwggEQMB8GA1UdIwQYMBaAFLFHZEQZX2XMQLsGS+l5BOAe7LVOMB0GA1UdDgQWBBShjFOEYwPh3wcsixILjbcCat+4XjBXBgNVHSAEUDBOMEwGCisGAQQBgZJIAQowPjA8BggrBgEFBQcCARYwaHR0cDovL3d3dy5jbmNhLm5ldC9jcy9rbm93bGVkZ2Uvd2hpdGVwYXBlci9jcHMvMBYGA1UdEQQPMA2BC3pzQGNuY2EubmV0MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jbGFzc2FjYTEuY25jYS5uZXQvY3JsL0luZGl2aWR1YWxDQS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAAdTQ0s+EYNLchwSoAb5MvGGFWh24XuQGLJLJ+81F3ww11Ah31GSRqJVoXzhozH9GPym0M77LjUiasWCN47tOuhTN3aVGZfGq2daMq2+j+p6LOya/mbq7w3SdhGa1vTrTjkxXNCRnFHDsLR1ujv40WrQM7HfBJ9TOckDSzGbDXSog14mbGTWJaP+FwDb/4YEH7W4Wy2vcPG5/gbWYWwujvSTDBtK9QXhM48Car2oExnmYAbxiu81z4CPPB0LB/GyxtzsYbB4YItFWTY4E8jcQb+VDRbYruX5k1ndk4zLAu45bqrhInAknr9tlMu01VofDNexz0xqmScEkWqdtLhMDow=</X509Certificate></ any idea? thanks Regards Ken -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160201/ee31a590/attachment-0001.html>