CAPICOM KeyUsage IsDecipherOnlyEnabled crap

Posted on December 9, 2009. Filed under: bugs, Woes

I was trying to parse a certificate (in VBScript) and found that CAPICOM returns true for the call

Certificate.KeyUsage.IsDecipherOnlyEnabled

But in my certificate the DER BIT STRING is set to B1 (10110001). This means the Decipher Only bit is not set and should not be considered (the actual DER encoding is 030200b1; for a NamedBitString, unused/unset trailing bits are removed before encoding).

So I wondered why CAPICOM is showing it as true when this bit is not set. I looked into capicom.dll and found this:

CKeyUsage::get_IsDigitalSignatureEnabled and CKeyUsage::get_IsDecipherOnlyEnabled are both set to the same address of the function implementation, and it looks like the code inside returns the DigitalSignature flag bit.

Because the DigitalSignature bit is set in my certificate, I'm getting back true even for the "DecipherOnly" flag. GAAAH!!!
