Note: this does not work with CNG (KSP) keys; it applies only to keys held in a CAPI/CSP key container.
Steps
1. When creating the key pair, store the KeyContainerName.
2. Sign the CSR with the created key and obtain the certificate (in one of the CER/DER/PEM/CRT formats).
3. Open the certificate with the X509Certificate2 class and create a CspParameters object, assigning the stored KeyContainerName to it.
4. Create an RSACryptoServiceProvider from the CspParameters and assign it to the PrivateKey property of the X509Certificate2.
5. Use Export(X509ContentType.Pfx, password) to produce the PFX.
6. Clear the RSACryptoServiceProvider by setting PersistKeyInCsp = false and calling Clear().
Notes
1. If you do not pass a valid KeyContainerName, a default container will be created, but assigning that provider to the PrivateKey property will throw an exception about a key mismatch (the certificate and the private key are strongly tied together).
2. Clear the key container afterwards, for better security.
Sample code to get you started (targets .NET Framework on Windows, where the PrivateKey setter is available).
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Open the existing CSP container that holds the key the CSR was signed with.
CspParameters p = new CspParameters();
p.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
p.ProviderType = 1;                          // PROV_RSA_FULL
p.KeyContainerName = "your container name";  // the name stored when the key pair was created
p.KeyNumber = (int)KeyNumber.Exchange;       // AT_KEYEXCHANGE
RSACryptoServiceProvider csp = new RSACryptoServiceProvider(p);
X509Certificate2 cer = new X509Certificate2("sss.cer");
cer.PrivateKey = csp;                        // throws if the container key does not match the certificate
// Export certificate and private key as a password-protected PFX.
byte[] bytes = cer.Export(X509ContentType.Pfx, "12345");
using (FileStream stream = new FileStream("CASigned.pfx", FileMode.CreateNew))
{
    stream.Write(bytes, 0, bytes.Length);
}
// Check that the PFX round-trips with its private key.
X509Certificate2 c1 = new X509Certificate2("CASigned.pfx", "12345");
bool value = c1.HasPrivateKey;               // expected: true
// Step 6: remove the key container now that the PFX carries the key.
csp.PersistKeyInCsp = false;
csp.Clear();
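As an added example (not the post's own code), the pieces the steps above leave implicit: creating the persisted key pair in a named container (step 1), checking the container key against the certificate's public key before assigning PrivateKey (note 1), and deleting the container afterwards (step 6). The container name, certificate path and PFX password are placeholders; it assumes .NET Framework 4.6 or later on Windows, since CspParameters only addresses CAPI providers and GetRSAPublicKey is used for the comparison.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CspKeyContainer
{
    // PROV_RSA_FULL with the same provider the post uses.
    const int ProvRsaFull = 1;
    const string Provider = "Microsoft Enhanced Cryptographic Provider v1.0";

    // Step 1: create an RSA key pair that is persisted in a named CSP container.
    // Keep the returned name; it is the only link back to the key when the certificate arrives.
    public static string CreatePersistedKey(string containerName, int keySize)
    {
        var p = new CspParameters(ProvRsaFull, Provider, containerName);
        p.KeyNumber = (int)KeyNumber.Exchange;   // AT_KEYEXCHANGE, as in the post
        using (var rsa = new RSACryptoServiceProvider(keySize, p))
        {
            rsa.PersistKeyInCsp = true;           // key survives disposal of this object
            return rsa.CspKeyContainerInfo.KeyContainerName;
        }
    }

    // Open the container without creating one: UseExistingKey makes a mistyped
    // name fail loudly instead of silently producing a fresh, mismatched key.
    public static RSACryptoServiceProvider OpenExisting(string containerName)
    {
        var p = new CspParameters(ProvRsaFull, Provider, containerName);
        p.KeyNumber = (int)KeyNumber.Exchange;
        p.Flags = CspProviderFlags.UseExistingKey;
        return new RSACryptoServiceProvider(p);
    }

    // Note 1: confirm the container key is the one the certificate was issued for
    // before touching PrivateKey, by comparing the public halves.
    public static bool KeyMatchesCertificate(RSA containerKey, X509Certificate2 cert)
    {
        using (RSA certKey = cert.GetRSAPublicKey())
        {
            if (certKey == null) return false;   // not an RSA certificate
            RSAParameters a = containerKey.ExportParameters(false);
            RSAParameters b = certKey.ExportParameters(false);
            return a.Modulus.SequenceEqual(b.Modulus) && a.Exponent.SequenceEqual(b.Exponent);
        }
    }

    // Step 6: delete the container once the PFX holds the key, so the private key
    // does not linger in the user's key store.
    public static void DeleteContainer(string containerName)
    {
        using (var rsa = OpenExisting(containerName))
        {
            rsa.PersistKeyInCsp = false;   // container is removed when the handle is released
            rsa.Clear();
        }
    }

    static void Main()
    {
        string name = CreatePersistedKey("example-container", 2048);   // placeholder name
        // ... generate a CSR from the key, have it signed, save the result as ca-signed.cer ...
        using (var rsa = OpenExisting(name))
        {
            var cert = new X509Certificate2("ca-signed.cer");           // placeholder path
            if (!KeyMatchesCertificate(rsa, cert))
                throw new InvalidOperationException("container key does not match certificate");
            cert.PrivateKey = rsa;
            byte[] pfx = cert.Export(X509ContentType.Pfx, "pfx-password");   // placeholder password
            System.IO.File.WriteAllBytes("ca-signed.pfx", pfx);
        }
        DeleteContainer(name);
    }
}
```

The public-key comparison is what turns the "key mismatch" exception from note 1 into a deliberate check, and UseExistingKey prevents the default-container behaviour the note warns about.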
Thursday, 14 July 2011
Wednesday, 13 July 2011
Certificate file types
Two encodings are used for certificate files:
1. DER (Distinguished Encoding Rules) - a binary DER-encoded certificate.
2. PEM - a Base64-encoded certificate, starting with BEGIN CERTIFICATE and ending with END CERTIFICATE.
Both names are also used as file extensions.
Common extensions
-----------------
1. CRT - most common on *nix systems
2. CER - alternate form of .CRT (Microsoft convention)
CRT and CER can only be interchanged safely when the encoding is identical (i.e. a PEM-encoded CRT is the same as a PEM-encoded CER).
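Added example, not from the post: since the .crt/.cer extension says nothing about the encoding, a loader should decide by content. This C# helper (written for this page, assuming .NET with System.Security.Cryptography.X509Certificates available) distinguishes DER from PEM by inspecting the bytes, converts between the two, and loads either. X509Certificate2's constructor already accepts both forms, so the conversion is there for writing a file in the form a particular consumer expects.

```csharp
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography.X509Certificates;

static class CertFileEncoding
{
    const string PemHeader = "-----BEGIN CERTIFICATE-----";
    const string PemFooter = "-----END CERTIFICATE-----";

    // Decide the encoding from the bytes, not from the file extension.
    public static string Detect(byte[] data)
    {
        // A DER certificate is an ASN.1 SEQUENCE, so its first byte is the tag 0x30.
        if (data.Length > 1 && data[0] == 0x30)
            return "DER";
        string text = Encoding.ASCII.GetString(data);
        if (text.Contains(PemHeader) && text.Contains(PemFooter))
            return "PEM";
        return "unknown";
    }

    // Extract the DER bytes wrapped by the first PEM certificate block.
    public static byte[] PemToDer(string pem)
    {
        int start = pem.IndexOf(PemHeader, StringComparison.Ordinal);
        int end = pem.IndexOf(PemFooter, StringComparison.Ordinal);
        if (start < 0 || end < 0 || end < start)
            throw new FormatException("no PEM certificate block found");
        int bodyStart = start + PemHeader.Length;
        string body = pem.Substring(bodyStart, end - bodyStart);
        return Convert.FromBase64String(body.Trim());   // embedded line breaks are ignored
    }

    // Wrap DER bytes in PEM armour, 64 characters per line as the PEM convention expects.
    public static string DerToPem(byte[] der)
    {
        string b64 = Convert.ToBase64String(der);
        var sb = new StringBuilder(PemHeader).Append('\n');
        for (int i = 0; i < b64.Length; i += 64)
            sb.Append(b64, i, Math.Min(64, b64.Length - i)).Append('\n');
        return sb.Append(PemFooter).Append('\n').ToString();
    }

    // Load a certificate whatever its extension, normalising PEM to DER first.
    public static X509Certificate2 Load(string path)
    {
        byte[] data = File.ReadAllBytes(path);
        byte[] der = Detect(data) == "PEM" ? PemToDer(Encoding.ASCII.GetString(data)) : data;
        return new X509Certificate2(der);
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "example.crt";   // placeholder path
        X509Certificate2 cert = Load(path);
        Console.WriteLine("{0}: {1}, subject {2}", path, Detect(File.ReadAllBytes(path)), cert.Subject);
        File.WriteAllText(Path.ChangeExtension(path, ".pem"), DerToPem(cert.RawData));
    }
}
```

Detect is deliberately conservative: anything that is neither a leading SEQUENCE tag nor a complete PEM block is reported as unknown rather than guessed at.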
Monday, 4 July 2011
Respecting Windows UAC while using LsaOpenPolicy
Request only POLICY_VIEW_LOCAL_INFORMATION (= 1) as the desired access mask, so that the call does not require an elevated process under UAC.
Your code then becomes:
LsaOpenPolicy(SystemName, ref LSA_OBJECT_ATTRIBUTES,
(int)POLICY_VIEW_LOCAL_INFORMATION, out IntPtr)
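An added example (not from the post) showing the full P/Invoke shape around that call for the local machine: LSA_OBJECT_ATTRIBUTES must be zeroed with only Length set, the access mask is limited to POLICY_VIEW_LOCAL_INFORMATION, and the NTSTATUS is translated to a Win32 error so a failure is diagnosable. It assumes a Windows caller; the declarations follow the documented advapi32 signatures, and the constant value comes from the post.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class LsaPolicy
{
    // The least privilege needed to read local policy information (value as given in the post).
    const uint POLICY_VIEW_LOCAL_INFORMATION = 0x00000001;
    const uint STATUS_SUCCESS = 0;

    [StructLayout(LayoutKind.Sequential)]
    struct LSA_OBJECT_ATTRIBUTES
    {
        public int Length;
        public IntPtr RootDirectory;
        public IntPtr ObjectName;
        public uint Attributes;
        public IntPtr SecurityDescriptor;
        public IntPtr SecurityQualityOfService;
    }

    // SystemName is a pointer; IntPtr.Zero selects the local machine.
    [DllImport("advapi32.dll")]
    static extern uint LsaOpenPolicy(IntPtr SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
                                     uint DesiredAccess, out IntPtr PolicyHandle);

    [DllImport("advapi32.dll")]
    static extern uint LsaClose(IntPtr ObjectHandle);

    [DllImport("advapi32.dll")]
    static extern int LsaNtStatusToWinError(uint Status);

    // Opens the local policy with read-only rights; do not ask for POLICY_ALL_ACCESS
    // unless the caller actually needs to modify policy, as that fails for non-elevated callers.
    public static IntPtr OpenLocalPolicyReadOnly()
    {
        var attrs = new LSA_OBJECT_ATTRIBUTES();
        attrs.Length = Marshal.SizeOf(attrs);   // every other field stays zero, as the API requires
        IntPtr handle;
        uint status = LsaOpenPolicy(IntPtr.Zero, ref attrs, POLICY_VIEW_LOCAL_INFORMATION, out handle);
        if (status != STATUS_SUCCESS)
            throw new Win32Exception(LsaNtStatusToWinError(status));
        return handle;
    }

    public static void Close(IntPtr handle)
    {
        if (handle != IntPtr.Zero)
            LsaClose(handle);
    }

    static void Main()
    {
        IntPtr policy = OpenLocalPolicyReadOnly();
        try
        {
            Console.WriteLine("policy handle opened with POLICY_VIEW_LOCAL_INFORMATION only");
            // ... LsaQueryInformationPolicy and similar read-only calls go here ...
        }
        finally
        {
            Close(policy);
        }
    }
}
```

Translating the NTSTATUS with LsaNtStatusToWinError is worth the extra call: an access-denied result then surfaces as the familiar Win32 error text rather than an opaque status code.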