2. NSIS Discussion
  3. Read local certificate store

Archive: Read local certificate store


cssguy
29th July 2009 12:58 UTC

Read local certificate store
  Hi Team,

I am new to NSIS world.. Please help me to solve this issue.

Q: How can I read a local current certificate store of windows OS ?.I need to check how many personal certificates are there for the logged in user. I have seen some vbscript examples using capicom.dll to open and read certificate information.

Is there any way to use the same dll in NSIS ? please give some input to sort out this issue.

--cssguY

Afrow UK
30th July 2009 00:28 UTC

If you don't want to write a wrapper dll, executable or call capicom.dll via the System plugin then you could run your VBS using ExecShell (or directly via Exec with wscript.exe).

Stu

kichik
3rd August 2009 09:44 UTC

You can start off with this:
http://nsis.sourceforge.net/Import_Root_Certificate

f0rt
4th August 2009 18:28 UTC

The following sample code lists the certificates in a store.


OutFile "cert.exe"


>!include "LogicLib.nsh"


>!define CERT_STORE_CERTIFICATE_CONTEXT  1

>!define CERT_NAME_SIMPLE_DISPLAY_TYPE   4


>Function display_certs

 ; Save registers

  Push$1

  Push$2

  Push$3

  Push$4


 ; Open system certificate store that holds certificates with associated private keys.

 System::Call "crypt32::CertOpenSystemStore(i 0, t 'MY') i.r1" 

 ${If} $1 != 0

     StrCpy$2 0

    ; Loop through certificate store

     ${Do}

        System::Call "crypt32::CertEnumCertificatesInStore(i r1, i r2) i.r2"

        ${If} $2 != 0

            System::Call "crypt32::CertGetNameString(i r2, \

               i ${CERT_NAME_SIMPLE_DISPLAY_TYPE}, i 0, i 0, \

               t .r4, i ${NSIS_MAX_STRLEN}) i.r3"

           ${If} $3 != 0

              ; Report certificate name

               MessageBox MB_OK "Certificate: $4"

            ${EndIf} 

         ${Else}

            ${ExitDo}

         ${EndIf}

     ${Loop}

    System::Call "crypt32::CertCloseStore(i r1, i 0)"

  ${EndIf}

  

  ; Restore registers

  Pop$4

  Pop$3

  Pop$2

  Pop$1

FunctionEnd


>Function .onInit

  InitPluginsDir

  Call display_certs

  Quit

FunctionEnd 

>

idna
18th January 2012 15:27 UTC

Originally posted by kichik
You can start off with this:
http://nsis.sourceforge.net/Import_Root_Certificate
Hi, I have a short question regarding the "Import Root Certificate" script, rather than the thread's topic: is the script supposed to work when installer is executed by a non-admin windows user? Because in my case the generated installer gives me the "Unable to add certificate to certificate store" error which in turn leads me to "crypt32::CertAddCertificateContextToStore ..."; is there some workaround?

Thanks in advance.

MSG
18th January 2012 18:55 UTC

One easy way to test this would be to run your installer as admin...

idna
18th January 2012 21:06 UTC

Hi; I forgot to mention that if I run the installer as administrator or admin-like user then there is no error in the certificate import section. But I have this constraint, the installer must work for non admin users as well.

idna
19th January 2012 14:19 UTC

Me again. I modified the code in the sense that I check the user account type: if it's admin then I open the Local Machine store otherwise the Current User store and it no longer fails. The drawback is that in the second scenario, the user is prompted to choose whether to install the certificate or not, but at least it works.

Fork me on GitHub