I want to add a certificate to X509Store. I am able to add the certificate from a .pfx file, but I want to add a certificate from the DSC token. How can I achieve this?
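using System.Security.Cryptography.X509Certificates;

private static void InstallCertificate(string cerFileName)
{
    // Load the certificate (and its private key, if present) from the .pfx file.
    X509Certificate2 certificate = new X509Certificate2(cerFileName);
    // Add it to the current user's Personal (My) store.
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
    store.Close();
}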
Here cerFileName is the path of the .pfx file, but I do not have the .pfx file with me. I am using a DSC token, so I want to add this certificate to the X509Store. How can I add the certificate from the DSC token?
If your DSC token behaves with the rest of Windows cryptography as a smartcard, the certutil tool will help. The tool will copy the certificate off of any device it thinks is a smartcard and register the private key address (of being on the smartcard):
C:\Users\jbarton>certutil -scinfo -silent
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Gemplus USB Smart Card Reader 0
--- Reader: Gemplus USB Smart Card Reader 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
--- Card: Axalto Cryptoflex .NET
--- ATR:
3b 16 96 41 73 74 72 69 64 ;..Astrid
=======================================================
Analyzing card in reader: Gemplus USB Smart Card Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemplus USB Smart Card Reader 0
--- Card: Axalto Cryptoflex .NET
Provider = Microsoft Base Smart Card Crypto Provider
[SNIP bunch of less useful stuff]
CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000041
Issuer: CN=Mister Issuer, DC=Authority, DC=PKI
NotBefore: 6/17/2013 4:26 PM
NotAfter: 6/17/2014 4:26 PM
Subject: CN=Jeremy Barton, OU=Users, DC=PKI
[more SNIPping]
--------------===========================--------------
Using MMC to view the CurrentUser\My store (certmgr.msc, Personal->Certificates) should show certificates that came from the smart card after that command. For some reason I ran into a case yesterday where the command ran, and I saw it in MMC, but a tool which opened an X509Store to find the new certificate and make use of it didn't find it for a few seconds (didn't work after 2 seconds, but worked after I checked email and tried again).
(Yes, I know my test smartcard is very old. But, yes, certutil -scinfo copied it over anyways, because it was still on the smartcard, so it's still useful to someone (me!)).
And don't forget -silent, or you'll get PIN-prompted. A lot.
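An added example, not part of the original answer: one way for a tool to pick up the certificate from CurrentUser\My after certutil -scinfo has run, polling for a few seconds to ride out the delay described above. The class name, method name, timeout and polling interval are assumptions made for illustration; the subject name is the one shown in the sample output.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class SmartCardCertLookup // hypothetical helper, not from the answer
{
    // Polls CurrentUser\My until a certificate with the given subject name
    // and a linked private key appears, or the timeout elapses.
    public static X509Certificate2 WaitForCertificate(string subjectName, TimeSpan timeout)
    {
        Stopwatch clock = Stopwatch.StartNew();
        do
        {
            using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                // Read-only is enough: certutil already registered the certificate.
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // validOnly: false, because an expired card certificate (like the
                // 2014 one in the sample output) would otherwise be filtered out.
                X509Certificate2Collection matches = store.Certificates.Find(
                    X509FindType.FindBySubjectName, subjectName, false);

                foreach (X509Certificate2 candidate in matches)
                {
                    // HasPrivateKey is true when the store entry is linked to a key;
                    // for a smart card that key stays on the device.
                    if (candidate.HasPrivateKey)
                        return candidate;
                }
            }
            Thread.Sleep(500); // constructed polling interval
        } while (clock.Elapsed < timeout);

        return null; // not visible within the timeout
    }

    static void Main()
    {
        // "Jeremy Barton" is the subject CN from the sample output; substitute your own.
        X509Certificate2 cert = WaitForCertificate("Jeremy Barton", TimeSpan.FromSeconds(10));
        Console.WriteLine(cert == null
            ? "Certificate not found in CurrentUser\\My"
            : "Found " + cert.Subject + " (thumbprint " + cert.Thumbprint + ")");
    }
}
```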