CryptoAPI Key-Container Tool: Details

M. Gallant 10/22/2002

The key-container tool uses a combination of CAPICOM 2 vbs scripting and a signed Java applet to implement its functionality. The signed Java applet KeyContainerTool.class provides four utility methods:

getAllSubkeys() simply returns a String array containing an enumeration of all subkey names specified in the arguments. The method is called from script to list all CU or LM certificate stores, as found in the registry. It only implements the ability to READ registry keys (no writing).

getAllCUContainers() returns a String array containing a list of all Current User key containers. J/Direct is used to call the native Advapi32.dll function CryptGetProvParam() with the PP_ENUMCONTAINERS flag. The method is declared public and asserts permissions, and is therefore scriptable.

deleteKeyContainer(String container) deletes the specified key container (Current_User location only). J/Direct is used to call the native Advapi32.dll function CryptAcquireContext() with the CRYPT_DELETEKEYSET flag. The method is private and NOT scriptable. If key deletion fails, the win32 error is reported to the status textarea window in the Java applet; otherwise, successful deletion is reported.

CertManagerCU() launches the IE Certificate Manager control panel using "rundll32.exe cryptui.dll,CryptUIStartCertMgr".

Scripted CAPICOM 2 provides details of the certificates for each store listed and, for certificates with private keys, lists some details of the key (key container name, key size, etc.).

Any key containers NOT associated with a certificate in any of the CU certificate stores are listed at the end of the page listing. Typically, these key containers are associated with development/testing activity and might be considered targets for deletion, after CAREFUL consideration.
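The container enumeration and the "not associated with a certificate" check described above, as an added read-only PowerShell example (not the tool's own code, which uses the Java applet and CAPICOM script). It assumes Windows PowerShell 5.1, the default PROV_RSA_FULL provider and a 1024-byte name buffer; the function names and the KcAudit namespace are hypothetical.

```powershell
# Added example: read-only audit; nothing is deleted. Names here are hypothetical.
Add-Type -Namespace KcAudit -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern bool CryptAcquireContextA(out IntPtr hProv, string container,
    string provider, uint provType, uint flags);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CryptGetProvParam(IntPtr hProv, uint param, byte[] data,
    ref uint dataLen, uint flags);
[DllImport("advapi32.dll")]
public static extern bool CryptReleaseContext(IntPtr hProv, uint flags);
'@

function Get-CuKeyContainer {
    # PROV_RSA_FULL = 1, CRYPT_VERIFYCONTEXT = 0xF0000000 (no key is opened to enumerate)
    $hProv = [IntPtr]::Zero
    $nul   = [NullString]::Value   # a real NULL; PowerShell turns $null into "" for strings
    if (-not [KcAudit.Native]::CryptAcquireContextA([ref]$hProv, $nul, $nul, 1, [uint32]4026531840)) {
        throw "CryptAcquireContext failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        $buf  = New-Object byte[] 1024      # assumed large enough for any container name
        $flag = 1                           # CRYPT_FIRST on the first call
        while ($true) {
            $len = [uint32]$buf.Length
            # PP_ENUMCONTAINERS = 2; returns FALSE (ERROR_NO_MORE_ITEMS) when the list ends
            if (-not [KcAudit.Native]::CryptGetProvParam($hProv, 2, $buf, [ref]$len, $flag)) { break }
            [Text.Encoding]::ASCII.GetString($buf, 0, [Array]::IndexOf($buf, [byte]0))
            $flag = 2                       # CRYPT_NEXT afterwards
        }
    } finally { [void][KcAudit.Native]::CryptReleaseContext($hProv, 0) }
}

function Get-CuReferencedContainer {
    # Container names of CSP private keys behind certificates in every CU store
    Get-ChildItem Cert:\CurrentUser -Recurse |
        Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509Certificate2] -and $_.HasPrivateKey } |
        ForEach-Object { try { $_.PrivateKey.CspKeyContainerInfo.KeyContainerName } catch { } } |
        Where-Object { $_ } | Sort-Object -Unique
}

# One row per CU container; ReferencedByCert = False marks the unassociated ones
$referenced = @(Get-CuReferencedContainer)
Get-CuKeyContainer | ForEach-Object {
    [pscustomobject]@{ Container = $_; ReferencedByCert = ($referenced -contains $_) }
} | Sort-Object ReferencedByCert, Container
```

Rows with ReferencedByCert = False correspond to the containers the tool lists at the end of its page. Keys held by CNG key storage providers are outside this CryptoAPI enumeration and do not appear.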

Compiling, Archiving and Code Signing

  jvc /x-

  cabarc -p n KeyContainerTool.class

  signcode -j javasign.dll -jp LOW -s mystore -cn "My CN" -n "Key-Container Tool" 
           -t ""

Michel I. Gallant