Using CAPI Keys
We now provide the capability to use keys generated by CAPI in CNG applications.
This is provided through the standard NCryptOpenKey CNG API call.
Passing either AT_SIGNATURE or AT_KEYEXCHANGE as the dwLegacyKeySpec parameter and the CAPI container name as the pszKeyName parameter will invoke this mode of operation.
The CAPI key will be loaded into the CNG provider and will behave as if it were a CNG key.
Any required key authorization is handled by invoking a user interface that prompts the application user to insert the smart card or enter the appropriate passphrases.
There is support for Key Usage and Key Counting properties.
The CNG application has to be written such that it calls NCryptOpenKey to open a CAPI key explicitly.
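The call described above, as an added example that is not the vendor's own code: a small Windows program that opens a CAPI container through NCryptOpenKey with a legacy key spec and then reads the key's Key Usage property. The provider name is not given on this page, so it is taken from the command line; the helper legacy_key_spec and the program name openkey are hypothetical, and reading Key Usage through the standard NCRYPT_KEY_USAGE_PROPERTY name is an assumption.

```c
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <ncrypt.h>    /* link with ncrypt.lib */
#else  /* wincrypt.h values, repeated so the helper also builds off Windows */
#define AT_KEYEXCHANGE 1
#define AT_SIGNATURE   2
#endif

/* Map a command-line word to dwLegacyKeySpec; 0 means no legacy key spec. */
unsigned long legacy_key_spec(const wchar_t *word) {
    if (word && wcscmp(word, L"signature") == 0) return AT_SIGNATURE;
    if (word && wcscmp(word, L"exchange") == 0)  return AT_KEYEXCHANGE;
    return 0;
}

#ifdef _WIN32
/* argv[1]: KSP name (not given on the page, so supplied by the caller);
   argv[2]: CAPI container name; argv[3]: "signature" or "exchange". */
int wmain(int argc, wchar_t **argv) {
    NCRYPT_PROV_HANDLE prov = 0;
    NCRYPT_KEY_HANDLE key = 0;
    DWORD usage = 0, len = 0;
    SECURITY_STATUS st;
    if (argc != 4 || legacy_key_spec(argv[3]) == 0) {
        fwprintf(stderr, L"usage: openkey <provider> <container> signature|exchange\n");
        return 2;
    }
    st = NCryptOpenStorageProvider(&prov, argv[1], 0);
    /* dwFlags = 0 leaves the provider free to show its authorization prompt. */
    if (st == ERROR_SUCCESS)
        st = NCryptOpenKey(prov, &key, argv[2], legacy_key_spec(argv[3]), 0);
    /* Assumption: Key Usage is exposed under the standard CNG property name. */
    if (st == ERROR_SUCCESS)
        st = NCryptGetProperty(key, NCRYPT_KEY_USAGE_PROPERTY, (PBYTE)&usage,
                               sizeof usage, &len, 0);
    if (st == ERROR_SUCCESS)
        wprintf(L"opened: signing=%d decrypt=%d\n",
                (usage & NCRYPT_ALLOW_SIGNING_FLAG) != 0,
                (usage & NCRYPT_ALLOW_DECRYPT_FLAG) != 0);
    else
        fwprintf(stderr, L"failed: 0x%08lx\n", (unsigned long)st);
    if (key) NCryptFreeObject(key);
    if (prov) NCryptFreeObject(prov);
    return st == ERROR_SUCCESS ? 0 : 1;
}
#endif
```

A failure status printed by the program (for example when the container does not exist under the given key spec) comes straight from NCryptOpenKey, so it can be looked up as a standard SECURITY_STATUS value.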