
I have our own CNG provider. I am using C# with .NET Framework 4.6.1 on Windows 7, and I am using clrsecurity.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Security.Cryptography.X509Certificates; // clrsecurity extension methods (HasCngKey, GetCngPrivateKey)

string fp = "223298a5c7c9f78a42d83a5ffbxxxxxxxx";
//string fp = "331ffa497d90d19446171f85xxxxxxxx"; //MS
// Load the certificate with the specified serial number
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindBySerialNumber, fp, false);

// Require exactly one matching certificate
if (certificates.Count != 1)
{
    throw new Exception("The certificate with the serial number " + fp + " could not be found.");
}

X509Certificate2 cert = certificates[0];
CngKey cngKey = null;
if (cert.HasCngKey())
{
    //rsa = cert.GetRSAPrivateKey();
    // Opens the key through whatever provider the certificate's key property names
    cngKey = cert.GetCngPrivateKey();
}
```

Property of cngKey: [screenshot]

The problem is that I am not able to set the provider name on the CngKey object. So how do I use the clrsecurity DLL with a non-Microsoft KSP?

jiten
  • The clrsecurity project is unsupported, you should just use the final product version (the commented-out `cert.GetRSAPrivateKey()`). But either way, the answer is that it uses whatever KSP the cert's `CERT_KEY_PROV_INFO_PROP_ID` property says to use. – bartonjs Aug 28 '19 at 16:59
  • Will `GetRSAPrivateKey()` work for a custom CNG provider? – jiten Aug 28 '19 at 17:27
  • `GetRSAPrivateKey` will use whatever KSP the (native) cert property says to. It doesn't assume anything (or smart cards and network HSMs would likely not work). – bartonjs Aug 28 '19 at 17:57
  • The RSA object decrypts fine, but when I look at the properties of the RSA object, there are still exceptions. – jiten Sep 03 '19 at 09:19

0 Answers
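The comments above say that `GetRSAPrivateKey()` opens the key through whatever provider the certificate's key property names. The following is an added example, not code from the thread or from clrsecurity, that reports which provider actually backs the key and runs a sign/verify round trip through it. The class name `KspProbe`, the serial-number placeholder, and the assumption that the provider supports SHA-256 with PKCS#1 v1.5 padding are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class KspProbe // hypothetical name, for illustration only
{
    // Reports which provider backs the RSA key object the framework returned.
    static string DescribeProvider(RSA rsa)
    {
        var cng = rsa as RSACng;
        if (cng != null)
            return "CNG KSP: " + cng.Key.Provider.Provider;
        var capi = rsa as RSACryptoServiceProvider;
        if (capi != null)
            return "CAPI CSP: " + capi.CspKeyContainerInfo.ProviderName;
        return "Other RSA implementation: " + rsa.GetType().FullName;
    }

    static void Main()
    {
        // Placeholder: substitute the serial number of your own certificate.
        const string serial = "<certificate-serial-number>";

        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindBySerialNumber, serial, false);
            if (found.Count != 1)
                throw new InvalidOperationException("Expected exactly one certificate, found " + found.Count);

            X509Certificate2 cert = found[0];
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                    throw new InvalidOperationException("No RSA private key is associated with this certificate.");
                Console.WriteLine(DescribeProvider(rsa));

                // Round trip: sign with the private key, verify with the certificate's public key.
                byte[] data = Encoding.UTF8.GetBytes("constructed test message");
                byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                using (RSA pub = cert.GetRSAPublicKey())
                    Console.WriteLine("Signature verifies: " +
                        pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }
        }
        finally { store.Close(); }
    }
}
```

If the printed provider is not the expected KSP, the place to look is the key provider information stored with the certificate in the store, not the calling code.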