SimpleCAPI and the Case of the Disappearing KeySet

Posted on by Walt Turnes

After recently upgrading to Windows 7, I installed our company’s SimpleCAPI tool to import some test certificates for a project. While I was unit testing my new code, I discovered some strange things had occurred during the certificate import process. Some native CAPI code I had written was failing with a “KeySet does not exist” error, but only for certain certificates. So, I fired up SimpleCAPI again, deleted the certificates, and re-imported them. After doing that, the unit tests ran fine.

Some time later, I ran into a similar problem unit testing another segment of code, and the same fix worked for that problem as well. After retracing my steps a bit and trying to re-create the error, I found that the keysets could only not be loaded when I had launched SimpleCAPI as an Administrator in Windows 7 to install the certificates, and my unit test project was not run under an Administrator context. However, when the certificates were imported in a SimpleCAPI session that was not launched as an administrator, then the keys were available regardless of the unit test context.

This probably isn’t going to be a problem that’s widely experienced, as 999 times out of 1000 (1), certificates are imported using the standard Windows certificate wizard, not an external application like SimpleCAPI. However, I do need to figure out why this is happening. My guess is simply that the key container created during the certificate import is flagged with administrator access only, so attempting to acquire a handle to the key context in my native CAPI code was failing due to a read/write permissions error, not a problem with the KeySet’s existence.

I also need to fix the CAPI code so that the key handle can be obtained with a read-only context. Hopefully that will get around the problem entirely. Regardless, I took this as a lesson that the “Run as Administrator” shortcut in Windows 7 can have more subtle implications than just granting some extra privileges for an application. This is something that I’ll need to keep in mind when developing Windows applications going forward.

1: 84% of all statistics are made up on the spot.