how to use p7b and p12 certificates

Question

Hello my goal is it to encrypt the password of a zipfile. As for now I only had to generate a SHA Hash which will be my password and used the RSA-Cryptoprovider with me private key to encrypt the password.

Now I need to use .p7b and .p12 certificates to do this task. But I dont understand what do I need those files for after some research I figured out that .p12 will be probably the file that I use to encrypt my password but what do I need .p7b for?

That is what I did so far with it, it seems to work because I can read the string but still what do I need my .p7b file for?

var password = @"test";
var p12FilePath = @"key\Test.p12";
var text = @"myFutureZipPassword";

X509Certificate2 cert = new X509Certificate2(p12FilePath, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
byte[] certData = cert.Export(X509ContentType.Pfx, password);
RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;

SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
var sign = rsaKey.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));


var str = System.Text.Encoding.Default.GetString(sign);

Answer 1

Neither p12 - the extension for PKCS#12 key/certificate stores - nor .p7b - the extension for PKCS#7 binary Cryptographic Message Syntax - is a certificate.

PKCS#12 can be used to store multiple private key / certificate chains (required to sign or decrypt) or just trusted certificates (used to verify or encrypt). Other information can be stored as well, but for your assignment you should just use it as key / certificate store.

The PKCS#7 standard specifies the Cryptographic Message Syntax or CMS. It specifies a container format which can be used to specify signed or enveloped (read: encrypted) messages / files. Whereas RSA by itself can encrypt small files, PKCS#7 allows you to use a well specified form of hybrid encryption.

The container format indicates and may contain the certificates used to perform the encryption so you can choose which key to use. It also specifies the algorithms used to perform the encryption. To use it you need a higher level API than RSACryptoServiceProvider; it is provided in the PKCS namespace within the .NET framework (start with EnvelopedCms). PKCS stands for Public Key Cryptography Standards, which were first created by RSA Labs and then copied and continued in RFC's.

The structure of PKCS#12 and PKCS#7 have been defined in a language that defines data structures called ASN.1. The structures are then encoded using a binary encoding format called BER / DER. However, to make sure that the messages are correctly transmitted over a text based interface, the PKCS#7 file is often ASCII armored using PEM text encoding, which is just basically a few header / footer lines with base 64 encoded binary in between. The b is there in the filename to show that the PEM encoding should not be performed.

Note that sometimes the PKCS#7 / CMS is also used to simply store certificates, which could be used for encryption as you only need the public key for that. However, it is much nicer to use PKCS#12 for that.