tzortzik

Reputation: 5143

Read certificates from a PKI card

How can I read certificates from a PKI card?

I tried finding an answer on the Internet but I didn't get any good results.

Any ideas how to get the certs from a PKI card?

I need to sign some forms with a certificate key. All this will happen in a web app.

Later...

I didn't try much because I don't have a point to start. I've just learned that all of the certs are read by Windows when you insert the card. This way I think I can get them using X509Store. I'll try it and I'll be back, but I'm still in need of some help.

Upvotes: 4

Views: 3390

Answers (1)

msallin

Reputation: 967

As soon as you plug in your SmartCard, the certificates are copied to your local, personal certificate store. You can use "certmgr.msc" (run -> enter) to have a look at these certs.

You can access the certificates, as well as the associated private keys, with the X509Store. But of course you can only do it locally on your machine, for security reasons. Imagine if every website had access to your private keys... How to Sign and Verify the signature with .NET and a certificate (C#)

If you are using CAPICOM, you will still need to execute code on the local machine (JavaScript). You find the following statement here:

[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, Windows XP. Instead, use the .NET Framework to implement security features. For more information, see the alternatives listed below.] Important None of the alternatives to CAPICOM offer a solution for scripts; therefore, you must write your own ActiveX control. For more information, see ActiveX Controls.

This indicates that the .NET classes are not a "full" replacement for CAPICOM. So you can't use the "X509" classes in JavaScript.

If you want to use a client side private certificate to sign some data (assume a hash), you need to run code on the client. Here are some ideas what you could do:

  • Write an ActiveX control
  • Write browser Plugin(s)
  • Write an application which can be called by using a custom URI schema (can't post another Link, google it and you will find it).

Of course you need to retrieve the data on the server side and for the last solution you may need a kind of a webservice.

Conclusion

Don't be confused about private and public keys from a certificate. There are scenarios where you send a certificate to the server, e.g. for authentication. But then it's your public key. You should never send your private key around (of course technically it's possible).

Upvotes: 5
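The local-side pattern the answer describes (read the card's certificates from the personal X509Store, sign on the client, send only the signature and the public certificate to the server), as an added example that is not part of the question or the answer. It assumes .NET Framework 4.6 or later or .NET Core, a PKI card whose minidriver exposes an RSA key to Windows, and a constructed sample payload; the `Verify` method stands in for whatever the server would do with the received data.

```csharp
// Added example (not from the question or answer): enumerate the certificates
// Windows mirrored from a smart card into CurrentUser\My, pick one that may be
// used for digital signatures, sign locally, and verify with the public key only.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class CardSigner
{
    // Time-valid certificates in the personal store that have an associated
    // private key and whose Key Usage extension permits digital signatures.
    public static X509Certificate2[] FindSigningCertificates()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: true drops expired and not-yet-valid certificates.
            X509Certificate2Collection valid =
                store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, validOnly: true);
            return valid.Cast<X509Certificate2>()
                        .Where(c => c.HasPrivateKey && AllowsDigitalSignature(c))
                        .ToArray();
        }
    }

    static bool AllowsDigitalSignature(X509Certificate2 cert)
    {
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        // No Key Usage extension means no restriction; otherwise require the bit.
        return ku == null || ku.KeyUsages.HasFlag(X509KeyUsageFlags.DigitalSignature);
    }

    // Client side. SignData computes SHA-256 in software; only the RSA operation
    // on that digest is delegated to the card, which holds the key and may prompt
    // for the PIN. The private key is never readable from this process.
    public static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new InvalidOperationException("Certificate has no RSA private key.");
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Server side. The server receives the DER-encoded public certificate and
    // the signature, and verifies with the public key alone.
    public static bool Verify(byte[] publicCertDer, byte[] data, byte[] signature)
    {
        using (var cert = new X509Certificate2(publicCertDer))
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    public static void Main()
    {
        X509Certificate2[] certs = FindSigningCertificates();
        if (certs.Length == 0)
        {
            Console.WriteLine("No signing certificate with a private key found.");
            return;
        }
        X509Certificate2 cert = certs[0];
        Console.WriteLine("Signing with: " + cert.Subject + " (" + cert.Thumbprint + ")");

        // Constructed sample payload standing in for the form to be signed.
        byte[] form = Encoding.UTF8.GetBytes("form-id=42;amount=100");
        byte[] signature = Sign(cert, form);

        // X509ContentType.Cert exports the certificate only; the private key is
        // not part of it and must never be sent to the server.
        byte[] publicCert = cert.Export(X509ContentType.Cert);

        Console.WriteLine("Signature valid: " + Verify(publicCert, form, signature));
    }
}
```

On the server, verifying the signature is only half the check: the received certificate should also be chained with `X509Chain` to the PKI's issuing CA and checked for revocation before the signed form is trusted, otherwise any self-issued certificate would verify just as well.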
