如何从DSC(USB令牌)向X509Store添加证书?
[英]How to add certificate to X509Store from DSC (USB token)?
问题描述
I want to add a certificate to X509Store. 
我想向X509Store添加证书。 I am able to add the certificate from .pfx file. 我可以从.pfx文件添加证书。 But i want to add a certificate from the DSC token. 但是我想从DSC令牌添加证书。 How to achieve this? 如何实现呢?
private static void InstallCertificate(string cerFileName)
{
X509Certificate2 certificate = new X509Certificate2(cerFileName);
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
}
Here cerFileName is the path of the .pfx file but i do not have the pfx file with me. 在这里cerFileName是.pfx文件的路径,但是我没有pfx文件。 I am using DSC token, so i want to add this certificate to the X509Store. 我正在使用DSC令牌,因此我想将此证书添加到X509Store。 How can i add the certificate from the DSC token? 如何从DSC令牌添加证书?
1 个解决方案
解决方案1
0 2017-04-18 15:18:26
If your DSC token behaves with the rest of Windows cryptography as a smartcard, the certutil tool will help. 如果您的DSC令牌与Windows加密的其余部分一起充当智能卡,则certutil工具将为您提供帮助。 The tool will copy the certificate off of any device it thinks is a smartcard and register the private key address (of being on the smartcard): 该工具将从任何它认为是智能卡的设备上复制证书,并注册(在智能卡上)私钥地址:
C:\Users\jbarton>certutil -scinfo -silent
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Gemplus USB Smart Card Reader 0
--- Reader: Gemplus USB Smart Card Reader 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
--- Card: Axalto Cryptoflex .NET
--- ATR:
3b 16 96 41 73 74 72 69 64 ;..Astrid
=======================================================
Analyzing card in reader: Gemplus USB Smart Card Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemplus USB Smart Card Reader 0
--- Card: Axalto Cryptoflex .NET
Provider = Microsoft Base Smart Card Crypto Provider
[SNIP bunch of less useful stuff]
CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000041
Issuer: CN=Mister Issuer, DC=Authority, DC=PKI
NotBefore: 6/17/2013 4:26 PM
NotAfter: 6/17/2014 4:26 PM
Subject: CN=Jeremy Barton, OU=Users, DC=PKI
[more SNIPping]
--------------===========================--------------
Using MMC to view the CurrentUser\\My store (certmgr.msc, Personal->Certificates) should show certificates that came from the smart card after that command. 使用MMC查看CurrentUser \\ My存储(certmgr.msc,“个人”->“证书”)应在该命令之后显示来自智能卡的证书。 For some reason I ran into a case yesterday where the command ran, and I saw it in MMC, but a tool which opened an X509Store to find the new certificate and make use of it didn't find it for a few seconds (didn't work after 2 seconds, but worked after I checked email and tried again). 出于某种原因,我昨天遇到了一个命令运行的情况,并且在MMC中看到了它,但是打开X509Store来查找新证书并利用它的工具几秒钟都没有找到它(不是吗?无法在2秒钟后开始工作,但在我检查了电子邮件并再次尝试后才开始工作)。
(Yes, I know my test smartcard is very old. But, yes, certutil -scinfo copied it over anyways, because it was still on the smartcard, so it's still useful to someone (me!)). (是的,我知道我的测试智能卡很旧。但是,是的, certutil -scinfo将其复制了,因为它仍在智能卡上,因此对某人(我!)仍然有用)。
And don't forget -silent , or you'll get PIN-prompted. 并且不要忘记-silent ,否则您将得到PIN提示。 A lot. 很多。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.