0

I created the following C# code:

        X509Store x509Store = null;
        x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        x509Store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        Debug.WriteLine("Certificates!");
        foreach (X509Certificate2 certificate in x509Store.Certificates)
        {
            Debug.WriteLine(certificate.ToString());
        }

This is just a proof of concept. I have to do the same thing in ms-access-vba.

I could create a C#-assembly with a com-class to call the code out of vba but this is a lot of trouble because the registration of the com-object needs admin rights. So I want to avoid this.

Is there a way to access the certificates directly out of vba (=without using C# at all)?

Gener4tor
  • 414
  • 3
  • 12
  • 40
  • 2
    This question is pretty broad. There are generally two approaches you can use in VBA: COM-based (CAPICOM, deprecated) and WinAPI-based (CryptoAPI, difficult). If admin rights are the problem, you can see [Registering .Net COM DLLs without Admin rights / regasm](https://stackoverflow.com/questions/37193356/registering-net-com-dlls-without-admin-rights-regasm). I've posted a script under there that automates registering COM DLLs on a per-user basis without needing admin rights. – Erik A Jun 12 '19 at 12:50
  • Thanks for the link. I was not aware that its possible to registering COM without admin rights. But anyway, this is not just about the admin rights. There are also a lot of deployment stuff which have to be changed in order to make this work. I can do this but only if it is absolutly nessesary. I would prefere the CryptoAPI approach to open the store, read the certificates and query their properties. – Gener4tor Jun 12 '19 at 13:03
  • 1
    Well, as said, that's difficult. I don't have an example ready and am not going to write up one because it's pretty much outside of the scope of Stack Overflow. I can throw you [this link](https://learn.microsoft.com/en-us/windows/desktop/seccrypto/example-c-code-for-opening-certificate-stores), but using it requires knowledge on how to translate C concepts and API function calls to VBA, which is a pretty advanced subject. – Erik A Jun 12 '19 at 13:08
  • Thanks. Ill try it. This will not be the first api-calls in my vba programs. – Gener4tor Jun 12 '19 at 13:13
  • 1
    Ah, good luck, then. After opening the store using the previous link, you can use [`CertEnumCertificatesInStore`](https://learn.microsoft.com/en-us/windows/desktop/api/Wincrypt/nf-wincrypt-certenumcertificatesinstore) to enumerate the certificates. Don't forget to answer your own question if you succeed! – Erik A Jun 12 '19 at 13:25

0 Answers0