Sign SHA512 with X509Store

  • Question

  • Hi All,

    I want to store my private key in the Windows Certificate Store as non-exportable for security reasons.

    I have to sign data with RSA-SHA256. I am using the code below for that, but it gives this error: "Invalid algorithm specified."

        X509Certificate2 TSMCert = null;
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);

        // Take the first certificate in the store that has a private key
        foreach (X509Certificate2 aCert in store.Certificates)
        {
            Console.WriteLine(aCert.IssuerName.Name);
            if (aCert.HasPrivateKey)
            {
                TSMCert = aCert;
                break;
            }
        }

        // Sign 1024 random bytes with the certificate's private key
        byte[] data = new byte[1024];
        new Random().NextBytes(data);
        RSACryptoServiceProvider rsa = TSMCert.PrivateKey as RSACryptoServiceProvider;
        byte[] signature = rsa.SignData(data, CryptoConfig.MapNameToOID("SHA256"));

    On the internet, there are solutions that export the private key and use it. But I do not want to make my private key exportable.

    As my second question, can I trust the Microsoft Certificate Store to store my private key?

    Thursday, November 27, 2014 7:57 PM

Answers

  • Hello OrEr,

    >> On the internet, there are solutions that export the private key and use it. But I do not want to make my private key exportable.

    If you mean you do not want to export a .pfx file and use it to create the X509Certificate2 object, you could use the .cer file, which contains the public key only. You could check this link; it creates the X509Certificate2 with the .cer file. However, it would still expose the private key in the program. If you do not want even this, I am afraid that RSACryptoServiceProvider is not appropriate for this scenario; you could use others, such as the AesCryptoServiceProvider mentioned in that link.

    For the second question, it is beyond the scope of our support; you could ask it on:

    http://answers.microsoft.com/en-us

    Regards.



    Friday, November 28, 2014 7:04 AM
    Moderator
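
An added example, not part of the thread above and not code from either poster: one way to produce an RSA-SHA256 signature while the private key stays non-exportable in the certificate store. It assumes .NET Framework 4.6 or later (for `GetRSAPrivateKey()` and the `HashAlgorithmName` overloads) and assumes the "Invalid algorithm specified" error comes from the key's legacy CSP lacking SHA-2 support; `StoreSigner`, `FindCert` and the thumbprint argument are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class StoreSigner
{
    // Looks up one certificate by thumbprint instead of taking the first key found.
    static X509Certificate2 FindCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); // signing needs no write access
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0 || !hits[0].HasPrivateKey)
                throw new InvalidOperationException("No certificate with a private key for that thumbprint.");
            return hits[0];
        }
        finally { store.Close(); }
    }

    // RSA-SHA256 (PKCS#1 v1.5) signature; the key is used through its provider and never exported.
    public static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        // GetRSAPrivateKey() returns an abstract RSA; do not cast it to RSACryptoServiceProvider.
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) throw new InvalidOperationException("Certificate has no RSA private key.");
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    public static bool Verify(X509Certificate2 cert, byte[] data, byte[] signature)
    {
        using (RSA pub = cert.GetRSAPublicKey()) // public half only
            return pub.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main(string[] args)
    {
        // args[0]: thumbprint of your own certificate (hex, no spaces); none is hard-coded here.
        X509Certificate2 cert = FindCert(args[0]);
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] sig = Sign(cert, data);
        Console.WriteLine("signature bytes: {0}, verifies: {1}", sig.Length, Verify(cert, data, sig));
        data[0] ^= 1; // tampered input must fail verification
        Console.WriteLine("tampered verifies: {0}", Verify(cert, data, sig));
    }
}
```

Selecting the certificate by thumbprint also avoids signing with whichever key happens to be enumerated first in the store.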