0

I am trying to implement HTTP communication authenticated by client certificate. When sending an HTTP request on "normal" (i.e. not Compact) .NET Framework, it's quite simple:

HttpWebRequest request = ...;
string certificatePath = ...;
string certificatePassword = ...;

request.ClientCertificates.Add(
    new X509Certificate(certificatePath, certificatePassword));

However, on Compact Framework 3.5, X509Certificate has only one constructor which accepts byte array and nothing else. I suppose that I should read a certificate file and pass its contents into that byte array, but what about the password? How should I specify it on Compact Framework?

Nikola Anusev
  • 6,940
  • 1
  • 30
  • 46
  • I would assume the password would be included in the byte array. What does the documentation say? The following should answer your questionsm, if it doesn't, do some research on the subject. Source: http://msdn.microsoft.com/en-us/library/5128sby8.aspx – Security Hound Jul 19 '12 at 15:43
  • @Ramhound Yes, I would assume that as well, but I do not exactly know how. Of course, I've already browsed over documentation and done some Googling, but to no avail. That's why I am asking the question :) – Nikola Anusev Jul 19 '12 at 17:04

2 Answers2

0

I did not find any way to use X509Certificate and password.

In the end, I've decided to use X509Store and grab certificates from there. This will make deployment a bit more difficult then originally anticipated, but at least it's doable :)

Nikola Anusev
  • 6,940
  • 1
  • 30
  • 46
0

I'm two years late, but I stumbled across this question in my own research.

If you look closely at the documentation's example code, you see that you have to first open the PFX file and then export it before creating another instance of the X509Certificate class.

The way I understood this is as follows: the full .NET Framework API (i.e., on the desktop) takes a password parameter for the class' constructor as an overload. So, using the full framework, you export the certificate's raw data (i.e., without the securing password) using the Export method and then store the resulting byte array into a file. Afterward, you transfer that file to the mobile device, read the file into a byte array and pass that to the X509Certificate constructor on the Compact Framework.

Of course, this is the "raw" way of going about the problem. One has to then take care to secure the data being transferred in some way.

On further reading, exporting the PFX file in this way does not include the private key, though.

Hernan Gatta
  • 13
  • 4