user5271376

Reputation: 156

How to decide that a certificate in the store is smart card related or not?

I can enumerate the certificates present on the inserted smart card, but how can one decide that the certificates present in the Windows certificate store are related to a smart card even when there is no smart card inserted?

How can I know if a certificate from the store will ask for a PIN before using it when there is no smart card present?

Upvotes: 1

Views: 1123

Answers (1)

Crypt32

Reputation: 13944

If you have a certificate and associated private key (as an X509Certificate2 object), you can check the certificate.PrivateKey.CspKeyContainerInfo.HardwareDevice property chain (HardwareDevice property). If the property returns true, then the key is stored on a smart card and most likely (but not necessarily) will prompt for a PIN when you try to access the key. This will work if the key is stored in the legacy Cryptographic Service Provider (CSP).

Modern cards support a modern provider type called Key Storage Provider (KSP), which is poorly supported in .NET. This means that if the key is stored in the hardware KSP, then the HasPrivateKey property (of the X509Certificate2 object) will return True and PrivateKey will be null. In this case, you will have to do some extra work by calling native CryptoAPI functions in the NCrypt family. Though, starting with .NET 4.6+, there are several extension methods in the X509Certificate2 class which can be used to retrieve provider information: X509Certificate2 Extension Methods.

Upvotes: 3
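The two checks described in the answer above, combined into one pass over the current user's personal store. This is an added example, not code from the answer; it assumes .NET Framework 4.6+ on Windows and RSA keys only, and DescribeKeyStorage is a hypothetical helper name. Opening a key handle may fail when the card is absent, so both paths catch CryptographicException.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SmartCardCertCheck
{
    // Hypothetical helper: reports which kind of provider holds the private key.
    static string DescribeKeyStorage(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key";
        try
        {
            // Legacy CSP path: PrivateKey exposes CspKeyContainerInfo.HardwareDevice.
            if (cert.PrivateKey is ICspAsymmetricAlgorithm csp)
                return (csp.CspKeyContainerInfo.HardwareDevice ? "hardware CSP: " : "software CSP: ")
                       + csp.CspKeyContainerInfo.ProviderName;
        }
        catch (CryptographicException) { /* not reachable as a CSP key: try the CNG path */ }
        try
        {
            // KSP path: the GetRSAPrivateKey extension method returns an RSACng
            // for CNG keys, and its CngKey names the provider.
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa is RSACng cng)
                {
                    CngProvider provider = cng.Key.Provider;
                    bool smartCardKsp = provider == CngProvider.MicrosoftSmartCardKeyStorageProvider;
                    return (smartCardKsp ? "smart card KSP: " : "KSP: ") + provider?.Provider;
                }
            }
        }
        catch (CryptographicException ex) { return "key not accessible: " + ex.Message; }
        return "not an RSA key, or provider unknown";
    }

    static void Main()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 cert in store.Certificates)
                Console.WriteLine("{0}: {1}", cert.Subject, DescribeKeyStorage(cert));
        }
    }
}
```

The KSP branch only recognises Microsoft's smart card KSP by name; a vendor-supplied hardware KSP is reported with its own provider name and has to be matched against the names used in your environment.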
