2

I need programmatically extract or import X509 certificate from Smart Card without saving it to personal store. Does anyone know the way to implement it? C sharp language. I can sign with Smart Card CSP. But dont know how read certificate from Smart card

Emin Javadov
  • 140
  • 1
  • 8
  • What smart card? If you want to circumvent the "personal store" you may want to get a development toolkit or a PKCS#11 library for your specific smart card. You could also read the certificate from the card using e.g. the PCSC interface, but that requires low level programming and quite a bit of knowledge. – Maarten Bodewes Feb 12 '13 at 22:34

2 Answers2

3

As far as I understand things, when a SmartCard is inserted, the certificates on it are seamlessly (by Windows) made to appear within the user's Personal Store.

Hence, enumerating the certificates of the Personal store with the card in will reveal the certificate, which you can then Export/copy to wherever you want.

EricLaw
  • 56,563
  • 7
  • 151
  • 196
  • 1
    Note that it's usually not possible to export or copy the private key that corresponds to the certificate. – Eugene Mayevski 'Callback Feb 12 '13 at 20:31
  • Honestly, as I said, I can read certificates from store and make operations on them. But want read certificate directly from smart card. I think it is posible.The main question is how to read it programmaticaly – Emin Javadov Feb 12 '13 at 20:44
  • @Eugene Mayevski 'EldoS Corp ,I know, it's impossible read private key. I want read X509 certificat or can register certificate to store programmatically ? Becouse when delete certificate from store it seem doesnt add to store automaticaly. I do it with Charismathics Smart Security Interface Register Tool. In that toolavailable show certificate,export certificate, import certificate and register certificate. – Emin Javadov Feb 12 '13 at 20:53
  • @EminJavadov Try using PKCS#11 interface - it lets you communicate directly with the smartcard. Please use search and ask new questions about PKCS#11 - comments to answers are not a place for new questions (as StackOverflow is not a forum or a chat). – Eugene Mayevski 'Callback Feb 13 '13 at 06:19
  • @Eugene Mayevski 'EldoS Corp Thanx... I found secureBlackBox but it is to expencive. CertStorage class helped, but but but but $$$$ :) – Emin Javadov Feb 23 '13 at 23:38
2

From smart card point of view, a X.509 certificate is just a binary file, but one needs to find and address the correct file, a functionality provided by the PKCS#11 support for the card.

While the following link is for a thin python layer on top of pkcs #11, the last example may serve as starting point for C# also.

official PyKCS11 module, with sources

guidot
  • 5,095
  • 2
  • 25
  • 37