Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / September 2006

Tip: Looking for answers? Try searching our database.

PFX Import - Can Import but can't read back PrivateKey

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Raghu - 16 Feb 2006 07:30 GMT
Hi,

I am using .net 2.0 on windows xp (sp2). I wrote following code to import
the certificate into my store name in local machine location:

X509Store myStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
myStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

X509Certificate2 certificate = new X509Certificate2();
certificate.Import(fileName, mypassword, X509KeyStorageFlags.MachineKeySet);
myStore.Add(certificate);
myStore.Close();

The issuer certificate (for the above certificate) is already in the local
machine store.

After wards I write following code to dump the contents of the certificate
(in total different process):

X509Store myStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
myStore.Open(OpenFlags.ReadOnly);

foreach (X509Certificate2 cert in myStore.Certificates)
{
Console.WriteLine("Issuer: {0}; Subject={1}", cert.Issuer, cert.Subject);
if (!cert.HasPrivateKey)
{
 Console.WriteLine("Certificate has no private key.");
}

RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
if (rsa != null)
{
 ...
}
}

The above code throws exception on the line that contains cert.PrivateKey
property. It is not cast exception ("Keyset does not exist") since I am
using as operator.

If I delete the certificate and import it through windows Certificates mmc,
my read code executes fine. In both cases, I can check that the imported
certificate has the private key.

Is there some thing wrong in my import code???

Thanks,
Raghu/..
Reply to this Message
Mitch Gallant - 16 Feb 2006 12:55 GMT
Did you check the details of both certificates and compare (i.e. the one you
imported programaticaly versus the one you manually imported by MMC) ?

Not sure about this, but the cert.PrivateKey  might require that the private key
be exportable. Check and compare the Exportable flag that is default for
the X509KeyStorageFlags. Might not be able to instantiate RSACryptoSeviceProvider
that way if key is not exportable .. just a guess.

- Mitch Gallant

> Hi,
>
[quoted text clipped - 42 lines]
> Thanks,
> Raghu/..
Reply to this Message
Raghu - 16 Feb 2006 18:32 GMT
I don't see any differences. When I imported the pfx file through mmc, I did
not check the exportable check box. So that is not the issues.

Any other ideas?

Thanks.

> Did you check the details of both certificates and compare (i.e. the one
> you
[quoted text clipped - 62 lines]
>> Thanks,
>> Raghu/..
Reply to this Message
avinashraj - 30 Sep 2006 13:26 GMT
Hey Raghu,
I seem to have run into the exact same problem.
Were you able to resolve it ?

Any help will be great.
Thanks,
Avinash

>Hi,
>
[quoted text clipped - 45 lines]
>Thanks,
>Raghu/..
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.