How to get Distinguished Name or X509Certificate from RSACryptoServiceProvider?

  • Question

  • I have a valid RSACryptoServiceProvider object and I am trying to get

    1. subject name (or Distinguished Name) of the underlying keypair

    2. X509Certificate representation of the public key

    represented by the CSP. This object is able to log in to the Smartcard and the following code is working.

                    // password is a SecureString declared elsewhere; it is passed as the key password.
                    CspParameters csp = new CspParameters(1,
                        "Microsoft Base Smart Card Crypto Provider",
                        "TestSmartcard",
                        new System.Security.AccessControl.CryptoKeySecurity(),
                        password);

                    Console.WriteLine("CSP started.");

                    csp.Flags = CspProviderFlags.UseDefaultKeyContainer;

                    // Initialize an RSACryptoServiceProvider object using the CspParameters object.
                    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
                    System.Console.WriteLine("Successfully authenticated");

                    CspKeyContainerInfo keyInfo = rsa.CspKeyContainerInfo;

                    // Display the value of some properties.
                    Console.WriteLine("HardwareDevice property: " + keyInfo.HardwareDevice);
                    Console.WriteLine("KeyContainerName property: " + keyInfo.KeyContainerName);

                    Console.WriteLine("RSA to String: " + rsa.ToString());
                    String publicKey = rsa.ToXmlString(false);
                    Console.WriteLine("RSA to xml: " + publicKey);

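                    // Export only the public parameters. Modulus and Exponent are byte arrays,
                    // so format them as hex; calling ToString() on them prints "System.Byte[]".
                    RSAParameters rsaParams = rsa.ExportParameters(false);
                    System.Console.WriteLine("Public Key Modulus: " + BitConverter.ToString(rsaParams.Modulus));
                    System.Console.WriteLine("Public Key Exponent: " + BitConverter.ToString(rsaParams.Exponent));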

    As shown above, I can get the public key as XML modulus and exponent. I am not able to figure out how to actually see the SubjectName or DistinguishedName of that key. Then converting the public key to X509Certificate format is a bigger challenge.

    I am new to .NET, trying to figure this out. Please help!


    Monday, January 30, 2012 9:28 PM

All replies

  • Hi,

    I am not clear about your problem. What exactly do you want? Could you please give us an example? "I am not able to figure out how to actually see the SubjectName or DistinguishedName of that key." What is the expected result on your side?

    Look forward to hearing from you.

    Thanks.

     


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us
    Wednesday, February 1, 2012 9:21 AM
  • Hi Paul, Thanks for looking into this.

    RSACryptoServiceProvider is encapsulating the underlying private/public keypair. The keypair itself has a unique name (called Subject / SubjectName) such as the public key of https://www.bankofamerica.com reads

    Subject: CN=www.bankofamerica.com,OU=WebSphere Ecomm,O=Bank of America Corporation,L= Dallas,ST= Texas,C= US

    Here CN is CommonName which is regularly used by browsers etc to match hostname with what is digitally printed on the public key. I am trying to get that CN and/or Subject from the keypair.

    This information is easily obtained from X509Certificate2.SubjectName (http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx). So, conversion to X509Certificate will readily solve my problem.

    Please let me know if I clarified enough.

    Wednesday, February 1, 2012 4:24 PM
  • I am sorry for the late response. You can refer to this thread:

    http://forums.asp.net/t/1531893.aspx

    It provides a solution that uses the CertSetCertificateContextProperty API to achieve your requirement.

    I hope this can help you.


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us

    • Marked as answer by Paul Zhou Thursday, February 16, 2012 8:57 AM
    Thursday, February 9, 2012 8:28 AM
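
Added example, not part of the thread or of the linked solution: an RSA key pair has no subject of its own; the name lives in a certificate issued for its public key, so one way to recover it is to search a certificate collection for the matching modulus and exponent. `KeyToCertificate`, `FindByPublicKey` and `SelfSigned` are hypothetical names, the two self-signed certificates are constructed stand-ins for a real certificate store, and `CertificateRequest` assumes .NET Framework 4.7.2 or later (or .NET Core 2.0+).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyToCertificate   // hypothetical helper, not from the thread
{
    // True when the certificate was issued for exactly this RSA public key.
    static bool HasSamePublicKey(X509Certificate2 cert, RSAParameters pub)
    {
        using (RSA certKey = cert.GetRSAPublicKey())   // null for non-RSA certificates
        {
            if (certKey == null) return false;
            RSAParameters p = certKey.ExportParameters(false);
            return p.Modulus.SequenceEqual(pub.Modulus)
                && p.Exponent.SequenceEqual(pub.Exponent);
        }
    }

    // Every certificate in 'certs' bound to the public half of 'key'.
    public static X509Certificate2[] FindByPublicKey(X509Certificate2Collection certs, RSA key)
    {
        RSAParameters pub = key.ExportParameters(false);   // public part only
        return certs.Cast<X509Certificate2>()
                    .Where(c => HasSamePublicKey(c, pub))
                    .ToArray();
    }

    static X509Certificate2 SelfSigned(string subject, RSA key)
    {
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        // Constructed sample data: 'cardKey' stands in for the RSACryptoServiceProvider in the question.
        using (RSA cardKey = RSA.Create(2048))
        using (RSA otherKey = RSA.Create(2048))
        {
            var certs = new X509Certificate2Collection();
            certs.Add(SelfSigned("CN=Test Smartcard User, O=Example", cardKey));
            certs.Add(SelfSigned("CN=Unrelated User, O=Example", otherKey));
            // Assumption: on a real machine, read the collection from a store instead, e.g.
            // new X509Store(StoreName.My, StoreLocation.CurrentUser), Open(OpenFlags.ReadOnly), .Certificates.

            foreach (X509Certificate2 c in FindByPublicKey(certs, cardKey))
                Console.WriteLine("{0} (thumbprint {1})", c.SubjectName.Name, c.Thumbprint);
        }
    }
}
```

An empty result means the searched collection holds no certificate for that key; more than one match is possible when a certificate has been renewed against the same key pair.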