This is a mirror of official site: http://jasper-net.blogspot.com/

Using a Smart Card Certificate with .NET Security in C#

Monday, August 15, 2011

Introduction

In this article, you will learn how to use smart card certificates in your .NET application. It covers most of the steps involved, from creating the certificate to selecting it on the smart card and using it to perform a PKCS#11 signature with the security classes of .NET. To apply these concepts, you will need a PKI (Public Key) smart card. These devices are very affordable nowadays, and you can get one with a reader from vendors like Gemalto for less than $80 (I no longer work for this company...).

Background

This article doesn't demonstrate what you can do with a PKI infrastructure, but it shows how easy it is (once you find out how to do it...) to use a smart card PKI device with .NET and C#. Those who have some experience with a PKCS#11 library will understand what I mean!

Using a PKI Smart Card as a CSP Provider

You won't find a lot of code in this article because most of the work is done by the framework itself. Instead, I have concentrated on the many tricks that I learned while using a smart card to license the database of our enterprise application.

The first step is to generate the PFX certificate, which is the format that most smart card utilities use to install a certificate on the card. This is a relatively easy process when you know the steps. The important thing is that the private key must be exported. After a few searches, I found a short but very useful page that gives the solution and you can get it here.

You will need 3 utilities:

    makecert.exe to create the certificate and its private key
    cert2spc.exe to convert the certificate file .cer to the .spc format (Software Publisher Certificate)
    pvkimprt.exe which will combine the .spc file and the .pvk into the desired PFX file (PKCS#12 format)

makecert and cert2spc are available with the Microsoft SDKs and can be found in "Program Files\Microsoft SDKs\Windows".
pvkimprt is an Office utility that can be downloaded from the Microsoft website here.

In a DOS shell, you'll have to type the following commands after setting the correct path.

makecert -r -n "CN=CodeProject" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -sv smartcert.pvk smartcert.cer
cert2spc smartcert.cer smartcert.spc
pvkimprt -pfx smartcert.spc smartcert.pvk

This generates the 2 files that we need: smartcert.cer contains only the public key (although it is possible to include the private key), and smartcard.pfx is a full RSA key pair that is protected by a password, because the private key is the most sensitive part of a certificate. When generation is done, you will be prompted to give passwords.
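
Before installing the PFX on a card, it is worth checking what the three commands actually produced. The following C# program is an added example, not code from the original article: it loads the PFX, reports the properties set by the makecert switches above (self-signed via -r, validity dates, the code-signing EKU 1.3.6.1.5.5.7.3.3) and proves the private key is usable with a sign/verify round trip. The class name PfxCheck, the PFX_PASSWORD environment variable and passing the PFX path as the first argument are assumptions of this example; it expects .NET Framework 4.6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PfxCheck // hypothetical name, used only in this example
{
    const string CodeSigningOid = "1.3.6.1.5.5.7.3.3"; // the -eku value passed to makecert

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: PfxCheck <file.pfx>"); return 2; }
        // Assumption: the export password is supplied in PFX_PASSWORD, never hard-coded.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD") ?? "";

        using (var cert = new X509Certificate2(args[0], password))
        {
            bool codeSigning = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
                .SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
                .Any(o => o.Value == CodeSigningOid);

            Console.WriteLine("Subject:                  " + cert.Subject);
            // Name comparison only: a quick indicator, not a chain validation.
            Console.WriteLine("Subject equals issuer:    " + (cert.Subject == cert.Issuer));
            Console.WriteLine("Valid:                    " + cert.NotBefore.ToString("u") + " to " + cert.NotAfter.ToString("u"));
            Console.WriteLine("Signature algorithm:      " + cert.SignatureAlgorithm.FriendlyName);
            Console.WriteLine("Code-signing EKU present: " + codeSigning);
            Console.WriteLine("Private key present:      " + cert.HasPrivateKey);
            if (!cert.HasPrivateKey || !codeSigning) return 1;

            // Round trip: sign with the private key, verify with the public key.
            byte[] data = Encoding.UTF8.GetBytes("constructed test message");
            using (RSA priv = cert.GetRSAPrivateKey())
            using (RSA pub = cert.GetRSAPublicKey())
            {
                if (priv == null || pub == null) return 1; // not an RSA certificate
                Console.WriteLine("RSA key size:             " + pub.KeySize + " bits");
                byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                bool ok = pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("Sign/verify round trip:   " + ok);
                return ok ? 0 : 1;
            }
        }
    }
}
```

The reported key size, signature algorithm and expiry date are the values to compare against your own policy before the key pair is installed on a card.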

Read more: Codeproject