I've connected to a MS PKI Certificate Revocation List distribution point and obtained the CRL.
What's the most straightforward way to extract the list of serial numbers from the CRL without using third-party libraries?
You will have to unroll the CRL by using unmanaged CryptoAPI functions (through p/invoke, of course). Generally, you will have to do the following high-level steps:
- Marshal.PtrToStructure .NET method to convert pCrlInfo pointer of CRL_CONTEXT structure to CRL_INFO structure.
- rgCRLEntry is an array of pointers (array size is determined by cCRLEntry member of CRL_INFO).
- CRL_ENTRY structure.
- SerialNumber member of CRL_ENTRY is a byte array. You can directly use Marshal.Copy(IntPtr, Byte[], Int32, Int32) method to copy unmanaged array to managed. This will give you serial number. Repeat steps 4-5 for each CRL entry.
- Do not forget to release pointer to CRL_CONTEXT structure by calling CertFreeCRLContext function when finished to prevent memory leaks.
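
The procedure from the answer above, as an added C# example (not the answerer's code). It assumes a DER-encoded CRL and obtains the CRL_CONTEXT pointer with CertCreateCRLContext; the struct layouts follow wincrypt.h, where SerialNumber is a CRYPT_INTEGER_BLOB (length plus pointer, little-endian) and rgCRLEntry points to a contiguous array of CRL_ENTRY structures. The class and method names (CrlSerials, GetSerialNumbers) and the command-line file argument are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;

static class CrlSerials {
    // Layouts follow wincrypt.h; BLOB covers CRYPT_INTEGER_BLOB, CERT_NAME_BLOB and CRYPT_OBJID_BLOB.
    [StructLayout(LayoutKind.Sequential)] struct BLOB { public uint cbData; public IntPtr pbData; }
    [StructLayout(LayoutKind.Sequential)] struct CRL_CONTEXT {
        public uint dwCertEncodingType; public IntPtr pbCrlEncoded; public uint cbCrlEncoded;
        public IntPtr pCrlInfo, hCertStore; }
    [StructLayout(LayoutKind.Sequential)] struct CRL_INFO {
        public uint dwVersion; public IntPtr pszObjId; public BLOB Parameters; // SignatureAlgorithm
        public BLOB Issuer; public FILETIME ThisUpdate, NextUpdate;
        public uint cCRLEntry; public IntPtr rgCRLEntry; public uint cExtension; public IntPtr rgExtension; }
    [StructLayout(LayoutKind.Sequential)] struct CRL_ENTRY {
        public BLOB SerialNumber; public FILETIME RevocationDate;
        public uint cExtension; public IntPtr rgExtension; }

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern IntPtr CertCreateCRLContext(uint encoding, byte[] pbCrlEncoded, uint cbCrlEncoded);
    [DllImport("crypt32.dll")]
    static extern bool CertFreeCRLContext(IntPtr pCrlContext);

    public static List<string> GetSerialNumbers(byte[] derCrl) {
        const uint X509_ASN_ENCODING = 0x1, PKCS_7_ASN_ENCODING = 0x10000;
        IntPtr ctx = CertCreateCRLContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, derCrl, (uint)derCrl.Length);
        if (ctx == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try {
            var context = Marshal.PtrToStructure<CRL_CONTEXT>(ctx);
            var info = Marshal.PtrToStructure<CRL_INFO>(context.pCrlInfo);
            int entrySize = Marshal.SizeOf<CRL_ENTRY>();
            var serials = new List<string>();
            for (long i = 0; i < info.cCRLEntry; i++) {
                var entry = Marshal.PtrToStructure<CRL_ENTRY>(new IntPtr(info.rgCRLEntry.ToInt64() + i * entrySize));
                var serial = new byte[entry.SerialNumber.cbData];
                Marshal.Copy(entry.SerialNumber.pbData, serial, 0, serial.Length);
                Array.Reverse(serial); // blob is little-endian; certificates display serials big-endian
                serials.Add(BitConverter.ToString(serial).Replace("-", ""));
            }
            return serials;
        } finally { CertFreeCRLContext(ctx); } // always release the CRL_CONTEXT
    }

    static void Main(string[] args) { // args[0]: path to a DER-encoded .crl file (hypothetical input)
        foreach (string s in GetSerialNumbers(File.ReadAllBytes(args[0]))) Console.WriteLine(s);
    }
}
```

The hex strings are in the same byte order as the serial number shown in a certificate's properties, so they can be compared directly against certificate serials when checking revocation.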