EDN Admin
Well-known member
Hello everyone,
I am trying to get a certificate from the certificate store using VC ++. For this I open the certificate store using X509store and check all certificates in the store till I get the desired one based on thumbprint (Certificate hash). But once I assign this
certificate to a X509Certficate2 then X509Certficate2.HasPrivateKey always returns false even if the certificate has a private key. I am sure about the presence of the private key because I am able to see it using MMC and adding certificate snap in. Also,
when I use C# to do the same thing I am able to get the private key. The Code I am using is follows:
VC++ Code //This shows HasPrivateKey false for all the certificates in the certificate store even if //it is present.
bool CertStore_Access::Class1::ValidateBaseMachine(System::String ^Thumbprint)<br/>
{ <br/>
int count = 0;<br/>
bool isCertPresent = FALSE;<br/>
X509Certificate tempCert;<br/>
X509Certificate MyCert;<br/>
<br/>
//Search for certificate in Current user store<br/>
X509Store ^ store = gcnew X509Store(StoreName::My,StoreLocation::CurrentUser);<br/>
store->Open(OpenFlags::ReadOnly);
<br/>
for(count = 0; count < store->Certificates->Count; count++)<br/>
{<br/>
tempCert.Import(store->Certificates[count]->RawData);
<br/>
<br/>
if(tempCert.GetCertHashString()->ToLower() == Thumbprint->ToLower())
<br/>
{
<br/>
isCertPresent = TRUE;<br/>
MyCert.Import(tempCert.GetRawCertData());<br/>
break;<br/>
//store->Close();<br/>
}<br/>
}<br/>
<br/>
if(!isCertPresent)<br/>
{ <br/>
//Search for certificate in Local Machine store<br/>
X509Store ^ storenew = gcnew X509Store(StoreName::My,StoreLocation::LocalMachine);<br/>
storenew->Open(OpenFlags::ReadOnly);
<br/>
for(count = 0; count < storenew->Certificates->Count; count++)<br/>
{<br/>
tempCert.Import(storenew->Certificates[count]->RawData);<br/>
if(tempCert.GetCertHashString()->ToLower() == Thumbprint->ToLower())
<br/>
{
<br/>
isCertPresent = TRUE;<br/>
MyCert.Import(tempCert.GetRawCertData());<br/>
break;<br/>
//storenew->Close();<br/>
}<br/>
}<br/>
}<br/>
<br/>
//validate presence of desired certificate<br/>
if(!isCertPresent)<br/>
{<br/>
return FALSE;<br/>
}<br/>
<br/>
//validate certificate chain<br/>
/*if(!MyCert.Verify())<br/>
{<br/>
return FALSE;<br/>
}*/ <br/>
<br/>
//Validate against expiry date<br/>
/*if(MyCert.NotAfter.CompareTo(DateTime::Now) <= 0)<br/>
{<br/>
return FALSE;<br/>
}*/<br/>
<br/>
//Validate for private key existence<br/>
if(!MyCert.HasPrivateKey)<br/>
{<br/>
return FALSE;<br/>
}<br/>
<br/>
return FALSE;<br/>
}
VC# Code //This gives correct result
public static X509Certificate2 GetCertificate(string _thumbprint)<br/>
{<br/>
try<br/>
{<br/>
//Open X509 store of Local Machine
<br/>
X509Store x509Store = new X509Store(StoreLocation.LocalMachine);<br/>
x509Store.Open(OpenFlags.ReadOnly);<br/>
<br/>
//Search for certificate having same thumbprint<br/>
foreach (X509Certificate2 storeCertificate in x509Store.Certificates)<br/>
{<br/>
if (_thumbprint.ToLower() == storeCertificate.Thumbprint.ToLower())<br/>
{<br/>
return storeCertificate;<br/>
}<br/>
}<br/>
<br/>
//Open X509 store of Current User<br/>
X509Store x509Store1 = new X509Store(StoreLocation.CurrentUser);<br/>
x509Store1.Open(OpenFlags.ReadOnly);<br/>
<br/>
//Search for certificate having same thumbprint<br/>
foreach (X509Certificate2 storeCertificate in x509Store1.Certificates)<br/>
{<br/>
if (_thumbprint.ToLower() == storeCertificate.Thumbprint.ToLower())<br/>
{<br/>
return storeCertificate;<br/>
}<br/>
}<br/>
}<br/>
catch (Exception ex)<br/>
{<br/>
return null;<br/>
}<br/>
<br/>
return null;<br/>
}
View the full article
I am trying to get a certificate from the certificate store using VC ++. For this I open the certificate store using X509store and check all certificates in the store till I get the desired one based on thumbprint (Certificate hash). But once I assign this
certificate to a X509Certficate2 then X509Certficate2.HasPrivateKey always returns false even if the certificate has a private key. I am sure about the presence of the private key because I am able to see it using MMC and adding certificate snap in. Also,
when I use C# to do the same thing I am able to get the private key. The Code I am using is follows:
VC++ Code //This shows HasPrivateKey false for all the certificates in the certificate store even if //it is present.
bool CertStore_Access::Class1::ValidateBaseMachine(System::String ^Thumbprint)<br/>
{ <br/>
int count = 0;<br/>
bool isCertPresent = FALSE;<br/>
X509Certificate tempCert;<br/>
X509Certificate MyCert;<br/>
<br/>
//Search for certificate in Current user store<br/>
X509Store ^ store = gcnew X509Store(StoreName::My,StoreLocation::CurrentUser);<br/>
store->Open(OpenFlags::ReadOnly);
<br/>
for(count = 0; count < store->Certificates->Count; count++)<br/>
{<br/>
tempCert.Import(store->Certificates[count]->RawData);
<br/>
<br/>
if(tempCert.GetCertHashString()->ToLower() == Thumbprint->ToLower())
<br/>
{
<br/>
isCertPresent = TRUE;<br/>
MyCert.Import(tempCert.GetRawCertData());<br/>
break;<br/>
//store->Close();<br/>
}<br/>
}<br/>
<br/>
if(!isCertPresent)<br/>
{ <br/>
//Search for certificate in Local Machine store<br/>
X509Store ^ storenew = gcnew X509Store(StoreName::My,StoreLocation::LocalMachine);<br/>
storenew->Open(OpenFlags::ReadOnly);
<br/>
for(count = 0; count < storenew->Certificates->Count; count++)<br/>
{<br/>
tempCert.Import(storenew->Certificates[count]->RawData);<br/>
if(tempCert.GetCertHashString()->ToLower() == Thumbprint->ToLower())
<br/>
{
<br/>
isCertPresent = TRUE;<br/>
MyCert.Import(tempCert.GetRawCertData());<br/>
break;<br/>
//storenew->Close();<br/>
}<br/>
}<br/>
}<br/>
<br/>
//validate presence of desired certificate<br/>
if(!isCertPresent)<br/>
{<br/>
return FALSE;<br/>
}<br/>
<br/>
//validate certificate chain<br/>
/*if(!MyCert.Verify())<br/>
{<br/>
return FALSE;<br/>
}*/ <br/>
<br/>
//Validate against expiry date<br/>
/*if(MyCert.NotAfter.CompareTo(DateTime::Now) <= 0)<br/>
{<br/>
return FALSE;<br/>
}*/<br/>
<br/>
//Validate for private key existence<br/>
if(!MyCert.HasPrivateKey)<br/>
{<br/>
return FALSE;<br/>
}<br/>
<br/>
return FALSE;<br/>
}
VC# Code //This gives correct result
public static X509Certificate2 GetCertificate(string _thumbprint)<br/>
{<br/>
try<br/>
{<br/>
//Open X509 store of Local Machine
<br/>
X509Store x509Store = new X509Store(StoreLocation.LocalMachine);<br/>
x509Store.Open(OpenFlags.ReadOnly);<br/>
<br/>
//Search for certificate having same thumbprint<br/>
foreach (X509Certificate2 storeCertificate in x509Store.Certificates)<br/>
{<br/>
if (_thumbprint.ToLower() == storeCertificate.Thumbprint.ToLower())<br/>
{<br/>
return storeCertificate;<br/>
}<br/>
}<br/>
<br/>
//Open X509 store of Current User<br/>
X509Store x509Store1 = new X509Store(StoreLocation.CurrentUser);<br/>
x509Store1.Open(OpenFlags.ReadOnly);<br/>
<br/>
//Search for certificate having same thumbprint<br/>
foreach (X509Certificate2 storeCertificate in x509Store1.Certificates)<br/>
{<br/>
if (_thumbprint.ToLower() == storeCertificate.Thumbprint.ToLower())<br/>
{<br/>
return storeCertificate;<br/>
}<br/>
}<br/>
}<br/>
catch (Exception ex)<br/>
{<br/>
return null;<br/>
}<br/>
<br/>
return null;<br/>
}
View the full article