
How to add certificate to X509Store from DSC (USB token)?

I want to add a certificate to X509Store. I am able to add the certificate from a .pfx file. But I want to add a certificate from the DSC token. How to achieve this?

private static void InstallCertificate(string cerFileName)
{
    X509Certificate2 certificate = new X509Certificate2(cerFileName);
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);

    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
    store.Close();
}

Here cerFileName is the path of the .pfx file, but I do not have the pfx file with me. I am using a DSC token, so I want to add this certificate to the X509Store. How can I add the certificate from the DSC token?

If your DSC token behaves with the rest of Windows cryptography as a smartcard, the certutil tool will help. The tool will copy the certificate off of any device it thinks is a smartcard and register the private key address (of being on the smartcard):

C:\Users\jbarton>certutil -scinfo -silent
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
  0: Gemplus USB Smart Card Reader 0
--- Reader: Gemplus USB Smart Card Reader 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
---   Card: Axalto Cryptoflex .NET
---    ATR:
        3b 16 96 41 73 74 72 69  64                        ;..Astrid


=======================================================
Analyzing card in reader: Gemplus USB Smart Card Reader 0

--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemplus USB Smart Card Reader 0
---   Card: Axalto Cryptoflex .NET
Provider = Microsoft Base Smart Card Crypto Provider
[SNIP bunch of less useful stuff]

CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000041
  Issuer: CN=Mister Issuer, DC=Authority, DC=PKI
  NotBefore: 6/17/2013 4:26 PM
  NotAfter: 6/17/2014 4:26 PM
  Subject: CN=Jeremy Barton, OU=Users, DC=PKI
[more SNIPping]

--------------===========================--------------

Using MMC to view the CurrentUser\My store (certmgr.msc, Personal->Certificates) should show certificates that came from the smart card after that command. For some reason I ran into a case yesterday where the command ran, and I saw it in MMC, but a tool which opened an X509Store to find the new certificate and make use of it didn't find it for a few seconds (didn't work after 2 seconds, but worked after I checked email and tried again).

(Yes, I know my test smartcard is very old. But, yes, certutil -scinfo copied it over anyways, because it was still on the smartcard, so it's still useful to someone (me!)).

And don't forget -silent, or you'll get PIN-prompted. A lot.
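
An added example, not part of the original answer: it runs the certutil command shown above from C# and then polls CurrentUser\My until the propagated certificate is visible, which covers the short delay the answer describes. The class and method names, the 15-second timeout and the 500 ms polling interval are assumptions; the subject name is taken from the sample output.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class TokenCertificateImport // hypothetical name
{
    // Runs the command from the answer so Windows copies the token's certificates into CurrentUser\My.
    static void PropagateFromToken()
    {
        var psi = new ProcessStartInfo("certutil.exe", "-scinfo -silent")
            { UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true };
        using (Process p = Process.Start(psi))
        {
            p.StandardOutput.ReadToEnd(); // drain output so the child cannot block on a full pipe
            p.WaitForExit();
        }
    }

    // Polls CurrentUser\My until a certificate whose subject contains subjectName
    // and that is linked to a private key (here: the key on the token) shows up.
    static X509Certificate2 WaitForCertificate(string subjectName, TimeSpan timeout)
    {
        Stopwatch clock = Stopwatch.StartNew();
        do
        {
            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            try
            {
                // validOnly is false so an expired or untrusted certificate is still returned.
                foreach (X509Certificate2 c in store.Certificates.Find(
                             X509FindType.FindBySubjectName, subjectName, false))
                    if (c.HasPrivateKey) return c;
            }
            finally { store.Close(); }
            Thread.Sleep(500); // assumed polling interval
        } while (clock.Elapsed < timeout);
        return null;
    }

    static void Main()
    {
        PropagateFromToken();
        // "Jeremy Barton" is the subject CN from the sample output above; substitute your own.
        X509Certificate2 cert = WaitForCertificate("Jeremy Barton", TimeSpan.FromSeconds(15));
        Console.WriteLine(cert == null ? "Certificate not found" : cert.Thumbprint + " " + cert.Subject);
    }
}
```

The returned certificate only references the key; the private key stays on the token, so signing with it still requires the token to be inserted and the PIN to be entered.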
