
Import certificate to Windows Certificate Storage

Windows system certificate stores in SecureBlackbox are interfaced by the TElWinCertStorage component (this article explains how to access certificates in WCS). Importing a certificate to a system store is no different from importing to any other certificate storage available in SecureBlackbox: it is performed by the Add() method. While you can use the standard two-parameter Add() variant, TElWinCertStorage adds two overloads that provide finer control over the procedure.

    certStorage.Add(cert, 'MY', true, false, true);

The first parameter specifies the certificate object to be imported. It should be a properly initialized certificate object (either loaded from somewhere or freshly generated).

The second parameter specifies the name of the system store in Windows CryptoAPI format (either 'MY', 'CA', 'ROOT' or 'AddressBook').

The third parameter (CopyPrivateKey) specifies whether the private key should be copied to the storage. This is only possible if the certificate contained in the cert object has an associated private key in explicit form (an array of bytes).

The Exportable parameter specifies whether the private key should be marked as exportable. If it is false, exporting the key from the system is not allowed. The key can still be used for signing and other cryptographic operations.

The last parameter (Protected) indicates whether Windows should warn the user each time the private key of the certificate is accessed. The warning will appear in the form of a message dialog.

If the certificate contained in the cert object does not have an associated private key, or if CopyPrivateKey is false, the Exportable and Protected parameters are ignored.
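To confirm after an import that the Exportable and Protected settings took effect, the flags can be read back from the store. The following PowerShell check is an added example, not SecureBlackbox code; it uses standard .NET classes, assumes the CurrentUser location of the 'MY' store, and reports on RSA keys only (the function name Get-CertKeyProtection is made up for this example).

```powershell
# Added example: list certificates in a system store with their private-key flags.
# Assumptions: the CurrentUser 'My' store; RSA keys only.
function Get-CertKeyProtection {
    param(
        [string]$StoreName = 'My',
        [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = 'CurrentUser'
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        foreach ($cert in $store.Certificates) {
            $row = [ordered]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                HasKey     = $cert.HasPrivateKey
                Exportable = $null
                Protected  = $null
                Note       = ''
            }
            if ($cert.HasPrivateKey) {
                try {
                    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                        # Key held by a legacy CryptoAPI provider
                        $row.Exportable = $key.CspKeyContainerInfo.Exportable
                        $row.Protected  = $key.CspKeyContainerInfo.Protected
                    } elseif ($key -is [System.Security.Cryptography.RSACng]) {
                        # Key held by a CNG key storage provider
                        $policy = $key.Key.ExportPolicy
                        $row.Exportable = $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport) -or
                                          $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport)
                        $row.Protected  = $key.Key.UIPolicy.ProtectionLevel -ne [System.Security.Cryptography.CngUIProtectionLevels]::None
                    } else {
                        $row.Note = 'non-RSA or unsupported key type'
                    }
                } catch {
                    # Some providers (for example hardware tokens) refuse to report these flags
                    $row.Note = $_.Exception.Message
                }
            }
            [pscustomobject]$row
        }
    } finally {
        $store.Close()
    }
}

# Show only the certificates whose private key can be exported
Get-CertKeyProtection | Where-Object { $_.Exportable } | Format-Table Subject, Thumbprint, Protected
```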

Read more about system stores, their Access types and other properties in the corresponding how-to article.
