
I load an X509Certificate2 whose private key is NOT exportable from the Windows certificate store with this code:

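// Look up a certificate in the current user's personal ("My") store by serial number.
// Both variables stay null when no certificate matches, so callers must check them.
// NOTE(review): a serial number is only unique per issuing CA. If this store can hold
// certificates from more than one issuer, also compare the issuer (or select by
// thumbprint) so that a different certificate with the same serial is not picked up.
X509Certificate2 oCertificato = null;
System.Security.Cryptography.RSACryptoServiceProvider csp = null;

X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
my.Open(OpenFlags.ReadOnly);
try
{
    foreach (X509Certificate2 cert in my.Certificates)
    {
        if (cert.SerialNumber.Trim() == cSerial)
        {
            // The cast gives a provider object bound to the key container; for a
            // non-exportable key the key material itself stays inside the provider.
            csp = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
            oCertificato = cert;
            break;
        }
    }
}
finally
{
    // The original never closed the store. Close it even if the cast above throws;
    // certificate objects already read from the store remain usable afterwards.
    my.Close();
}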

When I use the certificate with a web service, Windows asks for the private key. Question: How can I send the private key to the certificate?

Regards.


EDIT: This is the function that sets up the connection to the web service:

string cEndPoint = Leo.myendpoint();

// ServicePointManager.ServerCertificateValidationCallback is static: it replaces TLS
// server-certificate validation for every request made through ServicePointManager in
// this process, not only for this client.
// NOTE(review): CertificateHandler is not shown here. Confirm that it rejects
// certificates with policy errors instead of returning true unconditionally.
ServicePointManager.ServerCertificateValidationCallback = CertificateHandler;

datiOperatore DataOp = Leo.OperatorData();   // Operator data request from system (it's ok)
datiApplicativo DataApp = Leo.AppData();     // program data request from system (it's ok)

// Message-level security using X.509 tokens. The first parameter set uses inclusion
// mode Never; the second uses AlwaysToRecipient.
var sec = new AsymmetricSecurityBindingElement(
    new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.Never),
    new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient))
{
    MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
    SecurityHeaderLayout = SecurityHeaderLayout.Strict,
    IncludeTimestamp = true,
    KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy,
    // With this set, responses that carry no security header are accepted, so response
    // integrity then rests on the HTTPS transport alone. Keep it only if the service
    // really sends unsigned responses.
    EnableUnsecuredResponse = true,
};
sec.SetKeyDerivation(false);

// Stack order: message security, then SOAP 1.1 / UTF-8 text encoding, then HTTPS transport.
var b = new CustomBinding(
    sec,
    new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
    new HttpsTransportBindingElement());

var ea = new EndpointAddress(cEndPoint);

oClient = new CVPClient(b, ea);

X509Certificate2 certSigned = Leo.GetSignedCert();   // HERE IS THE REQUEST OF PRIVATE KEY
X509Certificate2 certUnsigned = Leo.GetUnSignedCertificate();

// certSigned is the client's own certificate; certUnsigned is set as the service's
// default certificate.
var credentials = oClient.ClientCredentials;
credentials.ClientCertificate.Certificate = certSigned;
credentials.ServiceCertificate.DefaultCertificate = certUnsigned;
  • What do you mean by "When i use the certificate with a web service Windows ask the private key"? What is the code where you're calling that web service? – Ivan Yuriev Apr 02 '16 at 09:03
  • *"How can I send the private key to certificate?"* - You don't. The private key remains protected in the store. You only send the client certificate to identify the client. The client and server will use the other's public key in the respective certificate to create a secure channel. – jww Jun 06 '17 at 04:56

1 Answer


I solved the problem by passing the PIN to the key's CSP in code:

// Sample PIN only. A PIN written as a literal sits in the source and in the binary, and
// it already exists as an ordinary managed string before it is copied, so the
// SecureString below adds little protection. In real use, obtain the PIN at run time
// (for example by prompting the user) and fill the SecureString directly.
string cPin = "12345";
var SecurePIN = new System.Security.SecureString();
for (int i = 0; i < cPin.Length; i++)
{
    SecurePIN.AppendChar(cPin[i]);
}

// Read the provider type, provider name and key container from the certificate's
// existing private key, so the new provider object refers to the same key.
var rsa = (RSACryptoServiceProvider)certSigned.PrivateKey;
string containerName = rsa.CspKeyContainerInfo.KeyContainerName;
string providerName = rsa.CspKeyContainerInfo.ProviderName;
int providerType = rsa.CspKeyContainerInfo.ProviderType;

// Open that container again, this time passing the PIN as the key password.
// NOTE(review): presumably this is what stops the interactive PIN prompt when
// certSigned is used later; whether the PIN is kept for subsequent operations depends
// on the CSP, so confirm with the provider in use.
CspParameters csp = new CspParameters(
    providerType,
    providerName,
    containerName,
    new System.Security.AccessControl.CryptoKeySecurity(),
    SecurePIN);
RSACryptoServiceProvider CSP = new RSACryptoServiceProvider(csp);

I hope it is useful to others
