I know there has been a lot of confusion about this, because some articles on the web (i.e. MSDN) say CAPICOM is not supported on Vista, while others say it is.
I have good news for you people, especially for those who want to do cryptographic operations from scripting: CAPICOM is officially supported on Vista, but only on its version 18.104.22.168.
This version can be downloaded from here:
Platform SDK Redistributable: CAPICOMhttp://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6&DisplayLang=en
(Note: at the time of this writing, this article DOES NOT say that CAPICOM is supported on Vista).
This new version of CAPICOM was released, among other reasons, because of a security update on CAPICOM:
Security Update for CAPICOM (KB931906)http://www.microsoft.com/downloads/details.aspx?FamilyId=CA930018-4A66-4DA6-A6C5-206DF13AF316&displaylang=en
(Note: this article DOES say that CAPICOM is supported on Vista)
If we try to use version 22.214.171.124 on Vista, for instance, a small .NET sample which uses CAPICOM like the following: "StoreClass store = new StoreClass();store.Open(CAPICOM_STORE_LOCATION.CAPICOM_SMART_CARD_USER_STORE, null, CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_WRITE);"Will return the following exception:"System.Runtime.InteropServices.COMException (0x80880900): Exception from HRESULT: 0x80880900"Which means:"# for hex 0x80880900 / decimal -2138568448 CAPICOM_E_NOT_SUPPORTED capicom.h"
Anyway, my recommendation is to use .NET Framework classes instead of CAPICOM whenever possible.
I hope this helps.
Alex (Alejandro Campos Magencio)
I'm writing an MSI that needs to install a certificate to the root local machine store. I planned on using CAPICOM.Store Open and Load methods but the lack of the COM server on Vista led me to your blog.
My application already has a dependency on .NET 3.5. Do you reccomend redistributing the CAPICOM component or do you reccomend using managed code to perform the certificate installation.
If your advise is the latter, which .NET Framework class is equivilant? I'm sorry but I don't know my way around the BCL that well although once I find what I'm looking for I know how to take it from there.
Sorry for the late response. Too busy these days. I will always recommend to use .NET instead of CAPICOM. X509Store (http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx) would be the class you are seeking.
There are not everyone intalled .net Framework,and I must signed data on client,how to do?
I wonder if anyone can help me.
Recently, a Vista machine running a VB6 application as Standard User failed to start up and there seems to be an error related to the capicom dll (note: on my development machine it works fine with UAC turned on).
The application on this Vista machine uses CAPICOM to verify the digital signature of a dll before loading the application. However, when running the VB6 application elevated with Admin privileges the application loads successfully.
I don’t know why but maybe because of the standard/admin user token. Do you have and suggestions why it works if I elevate privilege?
Sorry, but there is not enough info to know what's going on. You may use Process Explorer tool (you can download it for free from our web) to monitor the application and see if any access to the file system or registry returns Access Denied error. Maybe the standard user has no access to the file storing the signing keys...
I have a web application in which I use capicom to sign HTML form data on client side using digital certificates installed on the client machine. How can I achieve same functionality with .NET code if I have to avoid using CAPICOM? Essentially is it possible to run classes in pkcs name space of .NET on client side from within browser? If yes, any samples for invoking .NET functionality on client from within a web application is very helpful.
Compile as x86, it works, seems to be problems in windows 7, vista x64 systems.
Hola, quisiera que alguien me ayudara sobre el tema de las librerías CAPICOM, en lo referente al uso de la firma con el dni electrónico, ¿hay en realidad alguna versión de las librerías CAPICOM que funcione con el sistema operativo Windows 7 Home Premium?. Para en el caso de que las haya descargármelas, pero si no es así, me ahorro el tener que descargármelas y que no me funcione.
CAPICOM no esta soportado en Windows 7, como comente en este otro post:
Hola Alex, gracias por tu respuesta, me ha sido muy útil.