The .NET class System.Security.Cryptography.X509Certificates.X509Extension does not support some X.509 extensions I want to parse (subject alternative name, name constraints). The MSDN page for this class states "Custom extensions can be registered in a CryptoConfig file" (link), but the description of the CryptoConfig class discusses only setting up custom cryptographic algorithm implementations -- it is not obvious how to register a custom X.509 extension.

Does anyone know how to do this?

KaiEkkrin

2 Answers

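```csharp
using System.Security.Cryptography.X509Certificates;

// certByte is a byte[] holding the encoded certificate.
X509Certificate2 cert = new X509Certificate2(certByte);
// Check cert.Extensions.Count before indexing; [0] is only the first extension.
string fn = cert.Extensions[0].Oid.FriendlyName;  // friendly name, if the OID is known
string oid = cert.Extensions[0].Oid.Value;        // dotted OID string
string val = cert.Extensions[0].Format(true);     // multi-line formatted value
```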
Mazhas
    Can you develop more? – Robin Apr 10 '14 at 13:37
    What do you mean by "more"? There was a statement that the .NET class enumerates the DER-encoded ASN.1 data and there is no "clean" way to decode it to a string. Actually, you can create an X509Certificate2 object from a byte array, file, etc. and extract the decoded string by using the Format(bool) method on an Extensions array item. You should check whether the Extensions array has any items, etc., first. – Mazhas Apr 11 '14 at 07:52

If you don't find a solution with the built-in class, take a look at our PKI components of SecureBlackbox. They let you manage custom extensions easily.

Eugene Mayevski 'Callback
    Thanks. I didn't find a clean solution, but it turns out the X509Certificate2.Extensions field will enumerate unrecognised extensions as bare X509Extension instances -- these expose the DER-encoded ASN.1 data in the RawData field (which can be hand parsed.) – KaiEkkrin Jul 01 '10 at 10:40
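
The hand parsing of RawData mentioned in the last comment, sketched for the subject alternative name extension (OID 2.5.29.17). This is an added example, not code from any poster in the thread; the SanParser class, its method names and the sample bytes are constructed for illustration, and it assumes RawData holds the extension value without the outer OCTET STRING wrapper.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
static class SanParser
{
    // Reads one DER TLV at pos, returns its tag, and advances pos past the value.
    static byte ReadTlv(byte[] der, ref int pos, out int start, out int len)
    {
        if (pos + 2 > der.Length) throw new FormatException("truncated TLV");
        byte tag = der[pos++];
        len = der[pos++];
        if ((tag & 0x1F) == 0x1F || len == 0x80) throw new FormatException("unsupported encoding");
        if (len > 0x80)
        {
            int n = len & 0x7F; // long form: n length bytes follow
            if (n > 4 || pos + n > der.Length) throw new FormatException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | der[pos++];
        }
        if (len < 0 || len > der.Length - pos) throw new FormatException("length exceeds buffer");
        start = pos; pos += len;
        return tag;
    }
    // rawData: X509Extension.RawData of the extension with OID 2.5.29.17 (subjectAltName).
    public static List<string> Parse(byte[] rawData)
    {
        int pos = 0, s, l;
        if (ReadTlv(rawData, ref pos, out s, out l) != 0x30 || pos != rawData.Length)
            throw new FormatException("expected one SEQUENCE of GeneralName");
        var names = new List<string>();
        for (pos = s; pos < rawData.Length; )
        {
            byte tag = ReadTlv(rawData, ref pos, out s, out l);
            // Context tags [1] rfc822Name, [2] dNSName, [6] URI are IA5String; [7] is raw IP bytes.
            string kind = tag == 0x81 ? "email" : tag == 0x82 ? "dns" : tag == 0x86 ? "uri" : null;
            if (kind != null) names.Add(kind + ":" + Encoding.ASCII.GetString(rawData, s, l));
            else if (tag == 0x87 && (l == 4 || l == 16))
                names.Add("ip:" + new IPAddress(rawData.Skip(s).Take(l).ToArray()));
            else names.Add("other:0x" + tag.ToString("X2"));
        }
        return names;
    }
    static void Main()
    {
        // Constructed sample: SEQUENCE { dNSName "a.test", iPAddress 192.0.2.1 }
        byte[] raw = { 0x30, 0x0E, 0x82, 0x06, 0x61, 0x2E, 0x74, 0x65, 0x73, 0x74, 0x87, 0x04, 0xC0, 0x00, 0x02, 0x01 };
        foreach (string name in Parse(raw)) Console.WriteLine(name);
    }
}
```

Encoding.ASCII turns bytes above 0x7F into '?' and passes NUL bytes through, so validate decoded names before comparing them against a hostname.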