Zip Component, Email Component, Encryption Component ActiveX Control for Zip Compression .NET Components for ASP.NET
ActiveX and .NET Components for Zip Compression, Encryption, Email, XML, S/MIME, HTML Email, Character Encoding, Digital Certificates, FTP, and more ASP Email ActiveX Component

Index of Chilkat Blog Posts

August 2, 2006


Question: How does Chilkat’s Mime.UnwrapSecurity search for a certificate?

Usually the digital certificates are embedded within the signature part or encrypted message, so it is technically not necessary to locate the digital certificate on the system. However, if the certs are not included, UnwrapSecurity first checks the Local Machine store, followed by the Current User store.

A private key is necessary for decryption. The private key must be present in the calling process’s Windows Protected Store. In other words, you need to have the digital certificate installed WITH a private key (to decrypt a message). Technically, the certificate (located in a registry-based certificate store) may not need to be accessed, but the private key (located in the Protected Store) is needed. NOTE: This is a common problem. Developers test their programs interactively within the context of a logged-on user, and then deploy under ASP.NET or within a Windows Service only to find that decryption stops working. It’s because the private key is not available in the process’s logged-on user’s protected store.

When "unwrapping" a digital signature (i.e. validating the signature), only the public key is required.

Privacy Statement. Copyright 2000-2011 Chilkat Software, Inc. All rights reserved.
Send feedback to

Components for Microsoft Windows XP, 2000, 2003 Server, Vista, Windows 7, and Windows 95/98/NT4.