Get info about local digital certificates with WSE 2.0 and .NET

Orka

Rate me:

4.60/5 (4 votes)

27 Feb 20072 min read

45.1K

315

This article describes how to get information about digital certificates stored on your local machine. It also shows how to search certificates by name, and retrieve a certificate hash.

Download source - 7.9 KB

Introduction

First at all, I want to mention that this is my first article, so I will ask everybody to be patient and forgiving :) This article describes how to get information about digital certificates stored on your local machine; to be more specific, it looks into your System provider. It also shows how to search a certificate by name, and retrieve the certificate hash. For more info about .NET cryptography, read this article.

Background

There has been a lot of articles published about cryptography classes in .NET, so I will not go into details on that, but instead I suggest you to read article that I mentioned above. In this article, I will show you how to access your digital certificate information and use it; particularly, I will give you an example of how to retrieve information from the "CurrentUser" and "LocalMachine" Store Locations. If you need to search for a certificate by name or if you are planning to get the certificate hash, this article is for you. Recently, I had to write some code that had to find a certificate based on the name of the certificate or the certificate key. After that, I had to encrypt some data using that certificate's private key. While it sounds easy, when you try to code this, you will notice that you can't really see the hash value because it's encoded. Therefore, I had to get the certificate and then convert that to a string first.

Code

In the heart of this project, I have a function getCertFromStore that will retrieve all certificates from the store based on the requested certificate info. It has an optional parameter Name that will search for certificates with that name.

Public Function getCertFromStore(ByVal pCert_info As X509_Certificate_info, _
                ByRef psError_Msg As String, _
                Optional ByVal Name As String = "") _
                As X509CertificateCollection
    Dim certLocation As X509CertificateStore.StoreLocation

    If pCert_info.Certficate_Location = "LocalMachine" Then
        certLocation = X509CertificateStore.StoreLocation.LocalMachine
    ElseIf pCert_info.Certficate_Location = "CurrentUser" Then
        certLocation = X509CertificateStore.StoreLocation.CurrentUser
    Else
        psError_Msg = "Error Setting Location"
        Return Nothing
    End If

    Dim certProvider As X509CertificateStore.StoreProvider

    ' for this test use system provider
    If pCert_info.Provider = "System" Then
        'Opening the System Store
        certProvider = X509CertificateStore.StoreProvider.System
    Else
        psError_Msg = "Retrieving certificate data: " & _ 
                      "StoreProvider is not SYSTEM Store "
        Return Nothing
    End If

    Dim certStore As X509CertificateStore
    'Specify store there certificates reside
    If pCert_info.Store_Name.ToUpper = "MY" Then
        certStore = New X509CertificateStore(certProvider, _
                    certLocation, pCert_info.Store_Name)
    ElseIf pCert_info.Store_Name.ToUpper = "ROOT" Then
        certStore = _
           X509CertificateStore.LocalMachineStore(
           X509CertificateStore.RootStore.ToString())
    Else
        psError_Msg = "Unknown Store"
        Return Nothing
    End If

    Try
        ' Try opening certificate store store
        Dim boolOpen As Boolean = certStore.OpenRead()
    Catch ex As Exception
        psError_Msg = "Can not open certificate store for Provider:" & _
                      certProvider & " Location:" & _
                      certLocation & " Store Name:" & _
                      pCert_info.Store_Name
        Return Nothing
    End Try

    Dim cersCollection As X509CertificateCollection
    If Name <> "" Then
        'Search for the certificate in the store based
        ' on the subject name (exact match)
        cersCollection = certStore.FindCertificateBySubjectString(Name)
    Else
        cersCollection = certStore.Certificates
    End If


    Return cersCollection

End Function

After getting all the certificates from the store, we can get all the information about individual certificates, as needed.

txtName.Text= certMy.GetName
txtHash.Text = System.Convert.ToBase64String(certMy.GetKeyIdentifier)

I also do a check to make sure I have the private key if I need to use the RSACryptoServiceProvider.

Try
    rsaCSP = CType(certMy.Key, RSACryptoServiceProvider)
    MsgBox("You have access to private keys on this certificate", _
           MsgBoxStyle.Information)
    'Here you can start encrypting stuff

Catch ex As Exception
    MsgBox("Error Getting RSACryptoServiceProvider" & _
           ex.Message, MsgBoxStyle.Critical)
End Try

Conclusion

Even though this code is not really complicated, it becomes handy when you need to use certificate hashes since you will not be able to use that from the Certificate console. Please note that certMy has a lot of properties that you can use.

About me

Check my freelancing site for more info.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Written By

Orka

United States

This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.