CAPICOM KeyUsage IsDecipherOnlyEnabled crap

Posted on December 9, 2009. Filed under: bugs, Woes | Tags: |

I was trying to parse a certificate (in VBScript) and found that CAPICOM is returning true for call


But in my certificate the DER BITSTRING is set to B1 (10110001). This means Decipher Only bit is not set and should not be considered (actual DER coding is like this 030200b1 . For a NamedBitString unused/unset trailing bits are removed before encoding. )

So I wondered why CAPICOM is showing it as true when this bit is not set. I looked up into capicom.dll and found this:

CKeyUsage::get_IsDigitalSignatureEnabled and CKeyUsage::get_IsDecipherOnlyEnabled are both set to same address of the function implementation and it looks like code inside returns DigitalSignature flag bit.

Because in my certificate DigitalSignature bit is set, I’m getting back true even for “DecipherOnly” flag. GAAAH!!!

Read Full Post | Make a Comment ( None so far )

Liked it here?
Why not try sites on the blogroll...