Importing pfx/p12 file into smartcard c#

Question

Is there a way to Import a .p12/pfx file to Smartcard programmatically? I know it works via certutil:

certutil -user -p "pw" -csp "csp" -importpfx path

I am using "Microsoft Base Smart Card Crypto Provider"

Via certutil it is working thus I am sure it also should using c# (maybe CRYPTOAPI)...I just don´t want to use kind of (starting cmd adding the "Import string"):

System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;  
startInfo.FileName = "cmd.exe";            
startInfo.Arguments = strCmdText;           
process.StartInfo = startInfo;            
process.Start();

to Import the pfx!

But I have no clue how this could work programmatically in c#. Any help will be appreciated.

Answer 1

You can import a PFX/P12 file into a smart card using C# by combining the use of the class X509Certificate2 that provides parsing of the PFX/P12 file and P/Invoking CryptoAPI functions in order to perform the actual import.

I have implemented this in a C# console program that replicate certutil import functionality. You can get its source code from http://www.idrix.fr/Root/Samples/PfxImporter.cs .

I also implemented this in C++ if anyone is interested. Here is the source : http://www.idrix.fr/Root/Samples/PfxImporter.cpp .

Last point: As documented in the smart card minidriver specification, two registry keys must be modified to permit the import operation using the MS Base CSP :

1. HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\ AllowPrivateExchangeKeyImport = DWORD:0x01
2. HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\ AllowPrivateSignatureKeyImport = DWORD:0x01