I am using Wincrypt to create a self-signed certificate, but the certificate it generates has normal RSA Encryption. Is there any way to generate a self-signed certificate with ECDSA.
What I have tried:
Here is my code:
CreateOurCertificate()
{
HRESULT hr = 0;
HCRYPTPROV hProv = NULL;
PCCERT_CONTEXT p = 0;
HCRYPTKEY hKey = 0;
CERT_NAME_BLOB sib = { 0 };
BOOL AX = 0;
try
{
char cb[1000] = {0};
sib.pbData = (BYTE*)cb;
sib.cbData = 1000;
wchar_t* szSubject= L"CN=Certificate";
if (!CertStrToName(CRYPT_ASN_ENCODING, szSubject,0,0,sib.pbData,&sib.cbData,NULL))
throw;
wchar_t* pszKeyContainerName = L"Container";
if (!CryptAcquireContext(&hProv,pszKeyContainerName,MS_DEF_PROV,PROV_RSA_FULL,CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
{
hr = GetLastError();
if (GetLastError() == NTE_EXISTS)
{
if (!CryptAcquireContext(&hProv,pszKeyContainerName,MS_DEF_PROV,PROV_RSA_FULL,CRYPT_MACHINE_KEYSET))
{
throw;
}
}
else
throw;
}
if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey))
throw;
CRYPT_KEY_PROV_INFO kpi = {0};
kpi.pwszContainerName = pszKeyContainerName;
kpi.pwszProvName = MS_DEF_PROV;
kpi.dwProvType = PROV_EC_ECDSA_FULL;
kpi.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
kpi.dwKeySpec = AT_KEYEXCHANGE;
SYSTEMTIME et;
GetSystemTime(&et);
et.wYear += 1;
CERT_EXTENSIONS exts = {0};
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
memset(&SignatureAlgorithm, 0, sizeof(SignatureAlgorithm));
SignatureAlgorithm.pszObjId = szOID_ECDSA_SHA256;
p = CertCreateSelfSignCertificate(hProv, &sib, 0, &kpi, NULL, NULL, &et, &exts);
AX = CryptFindCertificateKeyProvInfo(p,CRYPT_FIND_MACHINE_KEYSET_FLAG,NULL) ;
}
catch(...)
{
}
if (hKey)
CryptDestroyKey(hKey);
hKey = 0;
if (hProv)
CryptReleaseContext(hProv,0);
hProv = 0;
return p;
}