CAPICOM KeyUsage IsDecipherOnlyEnabled crap

Posted on December 9, 2009. Filed under: Woes, bugs | Tags: CAPICOM |

I was trying to parse a certificate (in VBScript) and found that CAPICOM is returning true for call

Certificate.KeyUsage.IsDecipherOnlyEnabled

But in my certificate the DER BITSTRING is set to B1 (10110001). This means Decipher Only bit is not set and should not be considered (actual DER coding is like this 030200b1 . For a NamedBitString unused/unset trailing bits are removed before encoding. )

So I wondered why CAPICOM is showing it as true when this bit is not set. I looked up into capicom.dll and found this:

CKeyUsage::get_IsDigitalSignatureEnabled and CKeyUsage::get_IsDecipherOnlyEnabled are both set to same address of the function implementation and it looks like code inside returns DigitalSignature flag bit.

Because in my certificate DigitalSignature bit is set, I’m getting back true even for “DecipherOnly” flag. GAAAH!!!

Read Full Post | Make a Comment ( None so far )

CAPICOM KeyUsage IsDecipherOnlyEnabled crap

Recently on A Glitch in Code Takes Nine Department...

BinScope and other SDL tools

Clearcase MVFS corrupts file – Cannot delete file “Invalid DOS Function”

FRAVIA Passed Away

Overview on rootkits

WinDbg 6.11.1.402 released

WinDbg internal release with CLR support

Storing your Debug Symbols

WinDbg New Release 6.10.3.233

Aphorism for Christmas 2008

IGroupPolicyObject::New will fail if thread is impersonating or identity or delegation

About

RSS

Subscribe Via RSS

Meta

SIMIAN ART DEPARTMENT

Top Posts

.NET

Blogroll

Debugging

Misc.

MSDN

Security

Vista