The notion of a cryptographic context is central to CryptoAPI. It is a handle
that connects a certain Cryptographic Service Provider with one of its key containers.
AspEncrypt provides an object, CryptoContext, that encapsulates the functionality
of a cryptographic context. An instance of the CryptoContext object is created using CryptoManager's
method OpenContext.
In Windows NT, the Microsoft CSPs store key containers in two sections of the system registry: HKLM\...\Cryptography\MachineKeys and
HKCU\...\Cryptography\UserKeys. A key container is therefore uniquely identified by its name together with a flag
indicating whether it is located under the HKLM or the HKCU section of the registry.
Likewise, Windows 2000 stores key containers in two folders underneath the \Documents and Settings tree:
\<current user>\Application Data\Microsoft\Crypto\RSA and \All Users\Application Data\Microsoft\Crypto\RSA.
Accordingly, the CM.OpenContext method accepts two arguments: a key container name and a Boolean
value which means HKLM if set to True and HKCU otherwise (in Windows 2000 it selects the All Users or <current user> folder, respectively). As a general rule:
if you are using AspEncrypt from a stand-alone application with a user interface, set the Boolean parameter to False;
if AspEncrypt is to run in the context of a non-interactive user (such as
an ASP or ISAPI application), set the Boolean parameter to True.
' VB code
Dim CM As CryptoManager
Dim Context As ICryptoContext
Set CM = New CryptoManager
Set Context = CM.OpenContext("mycontainer", False)

<%
' ASP code
Set CM = Server.CreateObject("Persits.CryptoManager")
Set Context = CM.OpenContext("mycontainer", True)
%>
The OpenContext method attempts to open the specified key container. If a container by the
specified name does not exist, the method creates it. If the container happens to be empty (i.e.
contains no key pairs), the method creates two key pairs: one for key exchange and the other
for digital signatures.
On Windows NT, you may experience the following error when calling OpenContext in the ASP environment:
Persits.CryptoManager.1 error '800a0001'
Keyset does not exist
This is a security problem and can be fixed by modifying
permissions on the corresponding container key in the system registry.
See question Q202 of the FAQ.
The Windows 2000 equivalent of this error message is, surprisingly,
Persits.CryptoManager.1 error '800a0001'
Object already exists
Question Q204 of the FAQ covers this error.
It's not clear why the CryptoAPI developers insist on error messages that
bear little relation to the actual error condition, in this case a lack of permissions.
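The following PowerShell script is an added diagnostic for the two situations described above and is not part of the AspEncrypt manual: it opens (or creates) a CryptoAPI key container through the .NET CSP wrapper, which takes the same machine-versus-user decision as the Boolean argument of CM.OpenContext, and then shows which store the container landed in and who has access to its backing file. It assumes a current Windows version, where machine key containers live under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys (the successor of the All Users folder named above), and the container name, store flag and IIS account name are placeholders.

```powershell
param(
    [string]$ContainerName  = 'mycontainer',   # same name you would pass to OpenContext
    [bool]  $MachineKeySet  = $true,           # $true = HKLM / All Users store (ASP, ISAPI, services)
    [string]$ServiceAccount = 'IIS_IUSRS'      # assumed identity of the non-interactive caller
)

function Open-KeyContainer {
    # Equivalent of CM.OpenContext(Name, Machine): opens the container, creating it
    # and a key pair when it does not exist; -MustExist instead raises the familiar
    # "Keyset does not exist" when the container (or the right to read it) is missing.
    param([string]$Name, [bool]$Machine, [switch]$MustExist)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Name
    $flags = [System.Security.Cryptography.CspProviderFlags]::NoFlags
    if ($Machine)   { $flags = $flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore }
    if ($MustExist) { $flags = $flags -bor [System.Security.Cryptography.CspProviderFlags]::UseExistingKey }
    $csp.Flags = $flags
    return New-Object System.Security.Cryptography.RSACryptoServiceProvider($csp)
}

$rsa  = Open-KeyContainer -Name $ContainerName -Machine $MachineKeySet
$info = $rsa.CspKeyContainerInfo

# Machine containers are files under ProgramData; user containers sit one level
# deeper under the profile, in a folder named after the user's SID (hence -Recurse).
$root = if ($info.MachineKeyStore) { Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys' }
        else                       { Join-Path $env:APPDATA     'Microsoft\Crypto\RSA' }
$file = Get-ChildItem -Path $root -Recurse -Filter $info.UniqueKeyContainerName -ErrorAction SilentlyContinue |
        Select-Object -First 1

"Container     : $($info.KeyContainerName)"
"Machine store : $($info.MachineKeyStore)"
"Accessible    : $($info.Accessible)"
"Backing file  : $($file.FullName)"

if ($file) {
    # "Keyset does not exist" (NT) and "Object already exists" (2000) from an ASP page
    # usually mean this ACL does not let the worker identity read the container file.
    $acl = Get-Acl -Path $file.FullName
    $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType | Format-Table -AutoSize
    $allowed = $acl.Access | Where-Object {
        $_.IdentityReference -like "*$ServiceAccount" -and $_.AccessControlType -eq 'Allow' }
    if (-not $allowed) {
        Write-Warning "$ServiceAccount has no Allow entry on the container file; OpenContext from ASP will fail until it does."
    }
}
$rsa.Dispose()   # PersistKeyInCsp defaults to true here, so the container stays on disk
```

Run it once interactively with -MachineKeySet $false and once with $true to see the two stores side by side; the Accessible flag and the ACL listing tell you whether the FAQ's permission fix is needed before deploying to ASP.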