locked
CryptoAPI in Windows Store application (Metro)

    Question

  • Hello,

    I would like to know for sure, if there is any possibility for Metro application to access the certificates installed in the local machine's certificate store (e.g. "MY") for listing, reading, digital signing, exporting to file etc. I've tried to find the definite answer, but still no luck.

    The only things I have come across are these:

    This page suggests using the sharedUserCertificates capability, but I haven't been able to find any sample code to work with certificates.

    On the other hand, as stated here, only the Windows.Security.Cryptography namespace is available, that, unfortunately, has no support for those required actions.

    So my questions is - is a Metro application able to work with local machine's installed certificates? If so, could you please point me to some detailed information and samples?

    Thank you in advance.


    Wednesday, May 22, 2013 12:53 PM

All replies

  • Hello,

     

    I will involve more experts to investigate it.

     

    Best regards,

    Jesse


    Jesse Jiang
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, May 24, 2013 2:41 AM
  • The sharedUserCertificates capability grants an app container read access to the certificates and keys
    contained in the user MY store and the Smart Card Trusted Roots store.

    For MY store case, you can use CertificateEnrollmentManager.ImportPfxDataAsync to import the certificate which is included in your windows store app package. You can also call CertificateEnrollmentmanager.CreateRequestAsync to get a certificate from the server and use InstallCertificateAsync to install this certificate to your MY store.

    For Smart Card Trusted Root store case, you must call CertificateEnrollmentmanager.CreateRequestAsync
    first, where you must specify the smart card key storage provider for the
    request.keyStorageProviderName. After the request is created, submitted and the
    issued certificate is get back then you can use InstallCertificateAsync to install the issued
    certificate to your smart card device.

    Then banking app is a good sample to show how to use certificates related APIs.

    http://code.msdn.microsoft.com/windowsapps/Metro-style-banking-app-7d963c00

    And please note that sharedUserCertificates is only available for company account. So please make sure that your developer account belongs to company account.

    Tuesday, May 28, 2013 3:17 AM
    Moderator