I'm converting the existing C# code which was written with interop and native calls to 100% managed code. The code is the API library which lets the caller decrypt S/MIME messages by passing the encrypted data and the array of certificate stores in which to search for the certificates.

With the Win32 API (used by the current implementation of the API library I'm working on), CryptDecryptMessage accepts a CRYPT_DECRYPT_MESSAGE_PARA structure which lets me specify the array of certificate stores to search (rghCertStore field). I can't find out how I can reproduce the same with the EnvelopedCms class.

EnvelopedCms.Decrypt method overloads let me specify the collection of certificates to search but I need the ability to specify the collection of certificate stores. Is it possible?

Alex
  • Look at this [thread](https://stackoverflow.com/questions/44776088/decrypting-envelopedcms-with-non-default-algorithmidentifier), it might be helpful – Pavel Anikhouski Aug 02 '19 at 12:55
  • @PavelAnikhouski Thanks. If I'm correct, in this thread they are simply populating the collection of certs with all certs from a store and then passing this collection to EnvelopedCms. Sounds like overkill. I'd better not read all certs from each store just to let Decrypt method do its job (like I didn't need to do that in Win32 API case). – Alex Aug 02 '19 at 13:06
  • The Win32 API does that under the hood. You can populate only the necessary certificates, not all of them – Pavel Anikhouski Aug 02 '19 at 13:09
  • @PavelAnikhouski I guess Win32 does it in a much more efficient manner. No, I cannot populate only the necessary certificates. My code is a library, not end-user software; I don't know what the caller assumes by "the necessary certificates". My code contract is that I must take a collection of certificate stores as an input. I'm not allowed to break the API. So I'll have to read all certificates from each store in that case (if there is no other route). – Alex Aug 02 '19 at 13:29
  • The collection of extra certs is the only way without forking the code. – bartonjs Aug 02 '19 at 16:47
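One managed-code version of the "extra certs" route the comments describe, as an added example that is not from the question, the comments or the linked thread: for each supplied store it collects only the certificates that match one of the message's recipient identifiers and hold a private key, then hands that collection to EnvelopedCms.Decrypt, which is roughly what CryptDecryptMessage does with rghCertStore. The SmimeDecryptor and FindRecipientCandidates names are assumptions, and the stores are assumed to have been opened (read-only) by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

public static class SmimeDecryptor
{
    // Decrypts a CMS/S-MIME EnvelopedData blob using certificates from the given stores
    // (assumed to be opened read-only by the caller). Instead of handing every certificate
    // to EnvelopedCms, only those matching one of the message's RecipientInfos are collected.
    public static byte[] Decrypt(byte[] encryptedData, IEnumerable<X509Store> stores)
    {
        var cms = new EnvelopedCms();
        cms.Decode(encryptedData);           // parses recipient identifiers without decrypting

        var candidates = new X509Certificate2Collection();
        foreach (X509Store store in stores)
            foreach (RecipientInfo ri in cms.RecipientInfos)
                foreach (X509Certificate2 cert in FindRecipientCandidates(store.Certificates, ri.RecipientIdentifier))
                    if (cert.HasPrivateKey)  // only a certificate with its key can unwrap the content-encryption key
                        candidates.Add(cert);

        if (candidates.Count == 0)
            throw new CryptographicException("No recipient certificate with a private key was found in the given stores.");

        cms.Decrypt(candidates);             // throws CryptographicException if no candidate actually unwraps the key
        return cms.ContentInfo.Content;
    }

    // Narrows a store's certificates to those named by one RecipientInfo, using the two
    // identifier forms CMS allows: issuer + serial number, or subject key identifier.
    private static X509Certificate2Collection FindRecipientCandidates(X509Certificate2Collection storeCerts, SubjectIdentifier id)
    {
        switch (id.Type)
        {
            case SubjectIdentifierType.IssuerAndSerialNumber:
                var ias = (X509IssuerSerial)id.Value;
                return storeCerts
                    .Find(X509FindType.FindBySerialNumber, ias.SerialNumber, validOnly: false)
                    .Find(X509FindType.FindByIssuerDistinguishedName, ias.IssuerName, validOnly: false);
            case SubjectIdentifierType.SubjectKeyIdentifier:
                return storeCerts.Find(X509FindType.FindBySubjectKeyIdentifier, (string)id.Value, validOnly: false);
            default:
                return new X509Certificate2Collection();   // nothing to match on for other identifier types
        }
    }
}
```

Note that Decrypt performs no chain validation on the recipient certificate; whether the matched key is one the caller is entitled to use remains a separate policy decision for the library's consumer.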
