Public Key Encryption and Certificate Stores

Question:

1.) I have been reading some Windows documentation about the Windows Crypto API and it seems to talk a lot about only 512 bit encryption on early versions of Windows (95/98/me). Are the Chilkat components bound by this or do they allow 1024 bit encryption across all win platforms?

2.) If you delete a digital certificate from the MS cert store does that mean you cannot re-import it back into the store?

3.) Is this true of memory & file-based cert stores created using ChilkatCreateCS?

4.) Can I create cert stores on all Windows platforms?

4.5) Are memory cert stores faster to create and use than file and registry based?

5.) Do I have to have a CA root cert in the cert store in order to verify a cert?

6.) Do you add CA root certs the same way as normal .cer certs to a cert store?

7.) Do you have a code sample verifying a cert on an incoming email prior to opening the email?

8.) Does the Chilkat Email ActiveX sign an email with the private key from all certs having the same FROM email address if there is more than one DC with the same email address in the same store?

Answer:

1.) I have been reading some Windows documentation about the Windows Crypto API and it seems to talk a lot about only 512 bit encryption on early versions of Windows (95/98/me). Are the Chilkat components bound by this or do they allow 1024 bit encryption across all win platforms?

Chilkat's public-key encryption and digital signature functionality is built upon the Windows Crypto API. It can use any CSP (Cryptographic Service Provider). Because it is open-ended, I do not know whether > 512 bit encryption is available on Windows 95/98/ME. I think you might be able to get higher encryption on Win 95/98/ME if you install the "Internet Explorer High Encryption Pack".

2.) If you delete a digital certificate from the MS cert store does that mean you cannot re-import it back into the store?

No, you can re-import it into a certificate store.

3.) Is this true of memory & file-based cert stores created using ChilkatCreateCS?

Memory and file-based cert stores can be created using ChilkatCreateCS, and certificates can be imported, exported, and re-imported into these stores.

4.) Can I create cert stores on all Windows platforms?

YES.

4.5) Are memory cert stores faster to create and use than file and registry based?

Only faster in the general sense that it is faster to access memory than disk.

5.) Do I have to have a CA root cert in the cert store in order to verify a cert?

No, the signature on a certificate can be checked without the root being present. You can also check to see if the certificate has a trusted root installed on the system.

6.) Do you add CA root certs the same way as normal .cer certs to a cert store?

YES.

7.) Do you have a code sample verifying a cert on an incoming email prior to opening the email?

Chilkat automatically "unwraps" the security envelopes of signed/encrypted emails when received. You can force Chilkat to not auto-unwrap by setting the AutoUnwrapSecurity property to false. When a signed email is received, you can simply check the "ReceivedSigned" property, and if true, you can check the SignaturesValid property to see if the signature was verified. If so, you can call GetSignedByCert to return the certificate object of the signing certificate.

8.) Does the Chilkat Email ActiveX sign an email with the private key from all certs having the same FROM email address if there is more than one DC with the same email address in the same store?

No, it will arbitrarily pick the first matching one it finds. However, you can call SetSigningCert to designate a specific certificate that is to be used for signing.