Using CAPI Keys

We now provide the capability to use keys generated by CAPI in CNG applications. This is provided through the standard NCryptOpenKey CNG API call: passing either AT_SIGNATURE or AT_KEYEXCHANGE as the dwLegacyKeySpec parameter and the CAPI container name as the pszKeyName parameter invokes this mode of operation. The CAPI key is loaded into the CNG provider and behaves as if it were a CNG key. Any key authorization required is handled by a user interface that prompts the application user to insert the smart card or enter the appropriate passphrases. Key Usage and Key Counting properties are supported.

The CNG application must be written so that it explicitly calls NCryptOpenKey to open a CAPI key.
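
The call described above, written out in C as an added example (not the vendor's code). The provider and container names are placeholders, the helpers is_capi_keyspec and open_capi_key are hypothetical names, and the non-Windows branch exists only so that the argument check compiles on other platforms.

```c
/* Added example, not vendor code. Provider and container names are placeholders. */
#ifdef _WIN32
#include <stdio.h>
#include <windows.h>
#include <wincrypt.h>                 /* AT_KEYEXCHANGE, AT_SIGNATURE */
#include <ncrypt.h>                   /* link with ncrypt.lib */
#define PROVIDER_NAME  L"<CNG provider name>"      /* placeholder */
#define CONTAINER_NAME L"<CAPI container name>"    /* placeholder */
#else                                 /* lets the argument check build off Windows */
typedef unsigned long DWORD;
#define AT_KEYEXCHANGE 1              /* same values as wincrypt.h */
#define AT_SIGNATURE   2
#endif

/* The page names only these two dwLegacyKeySpec values as selecting CAPI key
 * mode; 0 is the CNG value for "none of the above". */
int is_capi_keyspec(DWORD spec)
{
    return spec == AT_SIGNATURE || spec == AT_KEYEXCHANGE;
}

#ifdef _WIN32
/* Hypothetical helper: open a CAPI container as a CNG key on an open provider. */
SECURITY_STATUS open_capi_key(NCRYPT_PROV_HANDLE prov, LPCWSTR container,
                              DWORD spec, NCRYPT_KEY_HANDLE *key)
{
    if (!is_capi_keyspec(spec))
        return NTE_INVALID_PARAMETER; /* refuse values that do not select CAPI mode */
    /* dwFlags is 0: NCRYPT_SILENT_FLAG is left off so the provider can show
     * its smart card or passphrase prompt. */
    return NCryptOpenKey(prov, key, container, spec, 0);
}

int main(void)
{
    NCRYPT_PROV_HANDLE prov = 0;
    NCRYPT_KEY_HANDLE key = 0;
    SECURITY_STATUS st = NCryptOpenStorageProvider(&prov, PROVIDER_NAME, 0);

    if (st == ERROR_SUCCESS) {
        st = open_capi_key(prov, CONTAINER_NAME, AT_SIGNATURE, &key);
        if (st == ERROR_SUCCESS)
            NCryptFreeObject(key);    /* release the key before the provider */
        NCryptFreeObject(prov);
    }
    printf("NCryptOpenKey status: 0x%08lx\n", (unsigned long)st);
    return st == ERROR_SUCCESS ? 0 : 1;
}
#endif
```

Because authorization may require a prompt, a caller that passes NCRYPT_SILENT_FLAG or runs without an interactive session should expect the open to fail rather than prompt.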