.NET
critica1err0r, 2016-01-18 12:49:46

Is it possible, when working with a certificate with a private key (etoken), to do without installing a cryptographic provider (CryptoPro CSP) on the server?

The question is, is it possible, when working with a certificate with a private key (etoken), to do without installing a cryptographic provider (CryptoPro CSP) on the server?
To accomplish this task, a certificate with a private key was exported through the CryptoPRO CSP, resulting in a .pfx container. Next, the certificate from the created container was installed in the repository.
But when accessing this certificate

X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
X509Certificate2Collection found = store.Certificates
    .Find(X509FindType.FindBySerialNumber, "XXX", false);
X509Certificate2 certificate = found[0];

the property certificate.PrivateKey == null.

3 answer(s)
Ai Lab, 2016-01-20
@vpuhoff

Probably a problem with the certificate, because here's an example from MSDN:
// "my" is an already opened X509Store; "certSubject" is the subject text to match.
// Find the certificate we'll use to sign
RSACryptoServiceProvider csp = null;
foreach (X509Certificate2 cert in my.Certificates)
{
    if (cert.Subject.Contains(certSubject))
    {
        // We found it.
        // Get its associated CSP and private key
        csp = (RSACryptoServiceProvider)cert.PrivateKey;
    }
}
if (csp == null)
{
    throw new Exception("No valid cert was found");
}
And null in PrivateKey only indicates the absence of this key, nothing more, nothing less.
I already wrote something like this. .NET has the GOST algorithm out of the box and it's not necessary to use external libraries; it's also not necessary to use CryptoPro. .NET uses the Windows API to search for keys and other work, that is, if there is no CryptoPro, standard Windows requests will appear. I can look for the source if necessary, I think they are still alive.

Ref, 2016-01-18
@KargoZ

No. No crypto provider == no encryption algorithm.

Alexander Evseev, 2016-01-28
@alex1t

As far as I remember my communication with CryptoPro, it will not work without its installation. If you try to look at the installed certificate through certmgr, you will see that it is not valid. This is due to the fact that CryptoPro certificates are signed by GOST algorithms, which are not available by default in Windows. This is the essence of the crypto-provider. It provides a new encryption algorithm to the system (by standard means). So only after installing it, Windows itself will be able to determine the algorithm used for signing and show the certificate as valid. Accordingly, your code should also work after.
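
A diagnostic for the situation discussed in this thread, added here as an example and not taken from any of the posts: it reports whether the installed certificate has a private key linked to it at all, which algorithms it uses, and which crypto providers are registered on the machine. It assumes .NET Framework on Windows; the class and method names are hypothetical, and "XXX" is the serial-number placeholder from the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32;

static class PrivateKeyDiagnostics   // hypothetical helper, not from the thread
{
    // Lists the CSPs registered with CryptoAPI on this machine.
    public static void ListInstalledProviders()
    {
        const string path = @"SOFTWARE\Microsoft\Cryptography\Defaults\Provider";
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(path))
        {
            if (key == null) { Console.WriteLine("No CSP registry key found."); return; }
            foreach (string name in key.GetSubKeyNames())
                Console.WriteLine("Installed CSP: " + name);
        }
    }
    // Separates "no key linked to the certificate" from "key linked but not loadable".
    public static void Describe(string serialNumber)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates
                .Find(X509FindType.FindBySerialNumber, serialNumber, false);
            if (found.Count == 0) { Console.WriteLine("Certificate not found."); return; }
            X509Certificate2 cert = found[0];
            Console.WriteLine("Signature algorithm OID: " + cert.SignatureAlgorithm.Value);
            Console.WriteLine("Public key OID:          " + cert.PublicKey.Oid.Value);
            Console.WriteLine("HasPrivateKey:           " + cert.HasPrivateKey);
            if (!cert.HasPrivateKey) return; // only the public certificate is in the store
            try
            {
                AsymmetricAlgorithm key = cert.PrivateKey;
                Console.WriteLine(key == null ? "Key container could not be resolved."
                                              : "Private key opened as " + key.GetType().Name);
            }
            catch (Exception ex) when (ex is CryptographicException || ex is NotSupportedException)
            {   // The key is linked, but its provider or algorithm cannot be loaded here.
                Console.WriteLine("Private key not usable: " + ex.Message);
            }
        }
        finally { store.Close(); }
    }
    static void Main(string[] args)
    {
        ListInstalledProviders();
        Describe(args.Length > 0 ? args[0] : "XXX");
    }
}
```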
