The signature is the signature of the csp shell. Congratulations on finally getting it. MS usually handles all signature requests on Thursdays or Fridays.

You said that there are endless problems in debugging CSP. This problem is divided into many types;

1. First, you need to make sure that all the data when calling the CryptAPI interface is passed. Here it is. It means whether the data passed in through the CryptAPI interface parameters is complete and correctly transmitted to your logical CSP interface. If even this is not possible, then there is no need to read further. Let’s get the data through first (rewrite the shell, verify the interface parameters, and finally request a signature)

2. If the interface is through, then Congratulations on building the "road". It depends on how you use this "road". The key to debugging CSP is that you first need to understand the process of using the CSP interface, such as how to encrypt a piece of data and how to sign a piece of data. If you don't even know the basic usage process, then you will naturally not be able to debug. So you need to figure out the interface calling process. There are many handles involved in CryptAPI, which are actually associated with some CSP resources, such as "CSP.dll provider", "key container", "signing key pair", "exchange key pair", "temporary key pair" Key pair", "hash object" and so on. Their inclusion relationship must be understood.

3. If you have a clear understanding of the internal structure of CSP, the problem at this time is basically to design and develop the internal logical structure. I think this shouldn't be a big problem. The most difficult thing is correctness debugging. This correct debugging refers to whether the pre-encrypted data and the decrypted data are consistent, whether the original text of the signature and the signature information are verified, etc.

In addition, when you talk about csp11, I don’t know if you are talking about pkcs11. CSP and PKCS11 have different interfaces and different processes, so you must implement CSP yourself. CSP is a security standard interface proposed by MS, while PKCS11 is a standard interface used in non-MS systems. As for the certificate, you can directly install the ca that comes with the setup in 2003, and use IE to access the web homepage provided by the ca setup in the 2003 system to apply for the certificate. I can send you information on the specific operation.

Everyone who has just started to come into contact with CSP will be a little confused, but when you go deeper, you will find that everything is not as difficult as you think. When I started to come into contact with CSP, I had only a little knowledge. Now we have a framework understanding of CSP. As for the log file you mentioned, I really don't have one. Because I didn’t seem to use logs when adjusting CSP. Finally, it is recommended that you use MS's CryptAPI interface. For example, CryptAPI writes some encryption software, HASH function algorithms, signature functions, etc. You can only understand this thing when you are familiar with it. If you don't have a comprehensive understanding of this thing at the beginning, then naturally you will not be able to start.