6

I have two certificates that I saved to disk. One is a certificate with private key that I exported as a .pfx file, the other one is a certificate that I saved including its certificate chain as a PKCS#7 file ("certchain.p7b").

In C# I can now load the .pfx file with

  var cert = new X509Certificate2(myPfxFileStream); 

(myPfxFileStream is a FileStream opened to the .pfx file for reading), however trying the same thing with the PKCS#7 certificate fails with a CryptographicException "Der Indexwert ist ungültig", which translates to "invalid index value".

I assume I have to parse PKCS#7 differently (it contains a chain, not a single certificate!), but how?

(Oh, by the way: currently I have no passwords on those certificates.)

froh42

1 Answer

9

You will want to use the SignedCms class in the System.Security.Cryptography.Pkcs namespace.

This blog entry will show you how to use the class:

link update 2021: https://learn.microsoft.com/en-us/archive/blogs/shawnfa/enveloped-pkcs-7-signatures

original link: http://blogs.msdn.com/shawnfa/archive/2006/02/27/539990.aspx

You basically will call the Decode method, passing the bytes representing the PKCS file.

dovholuk
casperOne
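
The `SignedCms.Decode` approach from the answer above, as an added example that is not part of the original answer: it reads a PKCS#7 bag in DER or PEM form and lists every certificate in it. `P7bDemo` and `LoadP7b` are hypothetical names, the sample input is a constructed throwaway certificate, and the code assumes a runtime with `CertificateRequest` and a reference to the System.Security.Cryptography.Pkcs assembly or package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class P7bDemo
{
    // Hypothetical helper: accepts DER bytes or PEM text ("-----BEGIN PKCS7-----").
    static X509Certificate2Collection LoadP7b(byte[] raw)
    {
        // DER starts with an ASN.1 SEQUENCE tag (0x30); anything else is treated as PEM.
        if (raw.Length > 0 && raw[0] != 0x30)
        {
            var b64 = new StringBuilder();
            foreach (var line in Encoding.ASCII.GetString(raw).Split('\n'))
                if (!line.StartsWith("-----")) b64.Append(line.Trim());
            raw = Convert.FromBase64String(b64.ToString());
        }
        var cms = new SignedCms();
        cms.Decode(raw);          // throws CryptographicException on malformed input
        return cms.Certificates;  // every certificate in the bag, parsed but not validated
    }

    static void Main(string[] args)
    {
        byte[] p7b;
        if (args.Length > 0)
        {
            p7b = File.ReadAllBytes(args[0]);  // e.g. certchain.p7b
        }
        else
        {
            // Constructed sample input: a self-signed certificate exported as a certs-only PKCS#7 blob.
            using (var key = RSA.Create(2048))
            {
                var req = new CertificateRequest("CN=constructed-sample", key,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                    DateTimeOffset.UtcNow.AddDays(1));
                p7b = new X509Certificate2Collection(cert).Export(X509ContentType.Pkcs7);
            }
        }
        foreach (X509Certificate2 c in LoadP7b(p7b))
            Console.WriteLine($"{c.Subject} | issuer: {c.Issuer} | thumbprint: {c.Thumbprint}");
    }
}
```

The returned collection is only parsed, so nothing in it is trusted yet. To validate the chain, add the collection to `X509Chain.ChainPolicy.ExtraStore` and call `Build` on the leaf certificate.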