Microsoft Key Storage Provider get keys

Time:05-17

I am trying to get the details of keys in Microsoft Key Storage Provider. For this I open the storage provider using the below API call: NCryptOpenStorageProvider(&prov, MS_KEY_STORAGE_PROVIDER, 0); Then I call NCryptEnumKeys in a while loop to get the key details. However, I am only able to get one key from the KSP. During the second iteration of the loop NCryptEnumKeys returns NTE_NO_MORE_ITEMS. But I have at least 3 certificates in my local machine store that have Microsoft Key Storage Provider as Provider. I have confirmed the same through the certutil -store my command.
What could possibly be wrong?

Thanks in advance.

CodePudding user response:

After days of analysis and discussions, I was finally able to identify the root cause. It is related to privileges. If I run with Admin privilege, I can extract keys for the ECDSA certificate as well from the Local Machine certificate store. If you do not intend to use Admin privilege, just open the certificate manager or mmc, select the certificate, choose All Tasks > Manage Private Keys, and give privileges as required.
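
One way to check the permissions explanation in the answer above, as an added example that is not part of the original thread: this PowerShell script walks the Local Machine "My" store and reports, for each certificate with a private key, whether the current account can open that key and which identities hold read access to the key file. It assumes the default machine-key directory of the Microsoft Software Key Storage Provider and a .NET runtime that provides the `GetRSAPrivateKey`/`GetECDsaPrivateKey` helpers; the variable names and output columns are chosen here for illustration.

```powershell
# Added example. Run once as the normal account and once elevated, then compare "Accessible".
$kspName = 'Microsoft Software Key Storage Provider'            # string behind MS_KEY_STORAGE_PROVIDER
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'   # assumed default machine-key directory
$rsaExt  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$ecExt   = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]
$readBit = [System.Security.AccessControl.FileSystemRights]::Read

Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey | ForEach-Object {
    $cert = $_
    $row = [ordered]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Accessible = $false   # can this account open the private key?
        Provider   = $null
        KeyFile    = $null
        ReadAccess = $null    # identities with an Allow rule that includes Read
        Error      = $null
    }
    try {
        # Each helper returns $null for a certificate of the other algorithm and
        # throws when the private key cannot be opened by the caller.
        $key = $rsaExt::GetRSAPrivateKey($cert)
        if ($null -eq $key) { $key = $ecExt::GetECDsaPrivateKey($cert) }
        if ($null -ne $key) {
            $row.Accessible = $true
            if ($key.PSObject.Properties['Key']) {      # CNG-backed object (RSACng / ECDsaCng)
                $row.Provider = $key.Key.Provider.Provider
                if ($row.Provider -eq $kspName -and $key.Key.IsMachineKey) {
                    $row.KeyFile = Join-Path $keyDir $key.Key.UniqueName
                    $acl = Get-Acl -LiteralPath $row.KeyFile -ErrorAction Stop
                    $row.ReadAccess = ($acl.Access |
                        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $readBit) } |
                        ForEach-Object { $_.IdentityReference.Value }) -join ', '
                }
            }
        }
    } catch {
        # Typically an access-denied or "keyset does not exist" error for keys
        # this account has not been granted through Manage Private Keys.
        $row.Error = $_.Exception.GetBaseException().Message
    }
    [pscustomobject]$row
} | Format-List
```

Certificates that show `Accessible : False` without elevation but `True` when elevated are the ones whose private-key ACL excludes the non-admin account.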
