CreaSign uses the operating system's services for storing and accessing certificates and associated private keys. CreaSign can use any digital certificate that is stored in the CryptoAPI certificate store.
Certificates are identified by certificate names. A certificate name has the following format:
[CERTSTORE=StoreLocation\StoreName;]CertificateReference
Here is an example of a certificate name:
CERT_STORE=LOCAL_MACHINE\My;CERT_FIND_SUBJECT_STR=Karl the Great
The first part is optional. It specifies the location of the certificate store. The following locations are supported:
The StoreName specifies the name of the store. When creating a signature, you should use the 'MY' store.
When the first part of a certificate name is not specified, the 'MY' store of CURRENT_USER is used.
The second part of the certificate name is not optional. It is used to find the certificate in the specified store. The following search criteria are supported:
| Criterion | Description | Example |
|---|---|---|
| CERT_FIND_SUBJECT_STR=xxx | Find the certificate based on the subject's name. The case insensitive substring search is performed. | 'CERT_FIND_SUBJECT_STR=great' would match the certificate with the subject 'Karl the Great' |
| CERT_FIND_HASH=xxx | Find the certificate based on its SHA-1 thumbprint. The thumbprint is specified as a base64 encoded byte array. | CERT_FINDHASH=a6Hfae9d |
| CERT_HASHHEX=xxxx | Find the certificate base on its SHA-1 thumbprint. The thumbprint is specified as a hexadecimal number as displayed in Internet Explorer, but without spaces. | CERT_HASHHEX= BD9680E764F700CCA42F1F1BE316C6795A2C31F8 |
| integer | Find the certificate based on its position in the certificate store. | 4 |
If more than one certificate matches the criteria, the first one is returned. When creating signatures you should use a thumbprint to identify a certificate in order to avoid security risks.
(c) Crea 2002-2006