SSL/Cryptography with WinRT

  • Question

  • I can do this in C# today, but can’t figure out how to do this in WinRT. How do I implement mTLS and handle the certificates on my own?

    This is a snippet of the client code:

                // Loading self-signed certificate embedded in the app as a resource
                Stream cert = Assembly.GetExecutingAssembly().GetManifestResourceStream("SocketClient.cert.p12");

                byte[] certdata = new byte[cert.Length];
                cert.Read(certdata, 0, (int) cert.Length);
                var certificate = new X509Certificate2(certdata);

                // Connecting
                TcpClient client = new TcpClient("localhost", 1337);
                // Initiated TCP Client

                // ------------------------------------------------------ placeholder delegate to trust anyone
                var sslStream = new SslStream(client.GetStream(), false, (sender, peercert, chain, sslPolicyErrors) => true);
                sslStream.AuthenticateAsClient("", new X509Certificate2Collection(new[] {certificate}), System.Security.Authentication.SslProtocols.Tls, false);

                // Authenticated as Client
                // drop it
                client.Close();

    .. and this is a snippet of the server code:

                // Loading self-signed certificate embedded in the app as a resource
                Stream cert = Assembly.GetExecutingAssembly().GetManifestResourceStream("SocketServer.cert.p12");
    
                byte[] certdata = new byte[cert.Length];
                cert.Read(certdata, 0, (int) cert.Length);
                var certificate = new X509Certificate2(certdata);
    
                // Listening...
                TcpListener listenerv4 = new TcpListener(IPAddress.Any, 1337);
                listenerv4.Start();
                TcpClient client = listenerv4.AcceptTcpClient();
                // Accepted TCP Client
                listenerv4.Stop();
    
                // ------------------------------------------------------- placeholder delegate to trust anyone 
                var sslStream = new SslStream(client.GetStream(), false, (sender, peercert, chain, sslPolicyErrors) => true);
                sslStream.AuthenticateAsServer(certificate, true, System.Security.Authentication.SslProtocols.Tls, false);
    
                // Authenticated as Server
                // drop it
                client.Close();

    I have a full sample project to email someone who wants to look at it.

    Thanks, Eric

    Friday, February 10, 2012 5:46 AM
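Both snippets in the question wire up SslStream with a placeholder delegate that returns true for any peer certificate, which turns the mutual authentication into an unauthenticated TLS session. The following is an added example, not code from the original post: a validation callback that accepts exactly one peer certificate, the self-signed certificate the app already ships with, compared by the SHA-256 hash of its DER encoding. It assumes each side also embeds the public certificate of its peer (a .cer resource, no private key needed) and loads it with the same GetManifestResourceStream pattern the post uses; the names PinnedPeerValidator, serverPublicCert and clientPublicCert are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original post. Replaces the "trust anyone"
// placeholder delegate with a callback bound to one expected peer certificate.
// Assumption: each side embeds the peer's public certificate (.cer) as a
// resource and loads it the way the post loads its .p12.
static class PinnedPeerValidator
{
    // Returns a RemoteCertificateValidationCallback that accepts only the
    // given certificate, identified by the SHA-256 hash of its raw DER bytes.
    public static RemoteCertificateValidationCallback ForPeer(X509Certificate2 expectedPeer)
    {
        byte[] expectedHash = Sha256(expectedPeer.RawData);

        return (sender, peerCert, chain, sslPolicyErrors) =>
        {
            // Server side: AuthenticateAsServer(..., clientCertificateRequired: true, ...)
            // still invokes the callback with a null certificate when the client
            // sent none, so null must be a hard failure rather than a pass.
            if (peerCert == null ||
                (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
                return false;

            // A self-signed certificate always raises RemoteCertificateChainErrors
            // (no trusted root issued it), and the post's client passes "" as the
            // target host, so RemoteCertificateNameMismatch is expected as well.
            // Pinning the exact certificate is stronger than either check, so the
            // decision rests on the hash comparison alone.
            byte[] actualHash = Sha256(peerCert.GetRawCertData());
            return SameBytes(expectedHash, actualHash);
        };
    }

    static byte[] Sha256(byte[] data)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(data);
    }

    // Length check plus a full-array compare; the certificates are public,
    // so timing is not a concern here, but the loop is simple and explicit.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Usage on the client, with serverPublicCert loaded from the embedded .cer:
//   var sslStream = new SslStream(client.GetStream(), false,
//                                 PinnedPeerValidator.ForPeer(serverPublicCert));
// Usage on the server, with clientPublicCert loaded the same way:
//   var sslStream = new SslStream(client.GetStream(), false,
//                                 PinnedPeerValidator.ForPeer(clientPublicCert));
// The AuthenticateAsClient / AuthenticateAsServer calls stay exactly as in the post.
```

Because the callback compares the whole certificate rather than walking a chain, rotating a self-signed certificate means shipping the new peer .cer with the app; that is the trade-off of pinning, and it is the right one when both endpoints are under your control as they are in the question.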

Answers

  • Andre - you're mostly right... but the problem is that none of the socket classes have a method which upgrades the socket to a client-certificate-enabled socket. There's an UpgradeToSslOperation class which forces a StreamSocket to use server-side SSL only.

    I had a conversation with one of our Program Managers about this - it's simply the way it is at this time.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator

    Thursday, February 16, 2012 2:52 PM