Philadelphia, PA +267 235 3589


Get info about local digital certificates with WSE 2.0 and .NET

Rating: 1301 user(s) have rated this article Average rating:4.32
Posted by: Orest, on 3/3/2007, in category ".NET Articles "
Views: this article has been read 3681 times

This article describes how to get information about digital certificates stored on your local machine. It also shows how to search certificates by name, and retrieve a certificate hash.


First at all, I want to mention that this is my first article, so I will ask everybody to be patient and forgiving :) This article describes how to get information about digital certificates stored on your local machine; to be more specific, it looks into your System provider. It also shows how to search a certificate by name, and retrieve the certificate hash. For more info about .NET cryptography, read this article.


There has been a lot of articles published about cryptography classes in .NET, so I will not go into details on that, but instead I suggest you to read article that I mentioned above. In this article, I will show you how to access your digital certificate information and use it; particularly, I will give you an example of how to retrieve information from the "CurrentUser" and "LocalMachine" Store Locations. If you need to search for a certificate by name or if you are planning to get the certificate hash, this article is for you. Recently, I had to write some code that had to find a certificate based on the name of the certificate or the certificate key. After that, I had to encrypt some data using that certificate's private key. While it sounds easy, when you try to code this, you will notice that you can't really see the hash value because it's encoded. Therefore, I had to get the certificate and then convert that to a string first.


In the heart of this project, I have a function getCertFromStore that will retrieve all certificates from the store based on the requested certificate info. It has an optional parameter Name that will search for certificates with that name.

Public Function getCertFromStore(ByVal pCert_info As X509_Certificate_info, _
ByRef psError_Msg As String, _
Optional ByVal Name As String = "") _
As X509CertificateCollection
Dim certLocation As X509CertificateStore.StoreLocation
If pCert_info.Certficate_Location = "LocalMachine" Then
certLocation = X509CertificateStore.StoreLocation.LocalMachine
ElseIf pCert_info.Certficate_Location = "CurrentUser" Then
certLocation = X509CertificateStore.StoreLocation.CurrentUser
psError_Msg = "Error Setting Location"
Return Nothing
End If
Dim certProvider As X509CertificateStore.StoreProvider
' for this test use system provider
If pCert_info.Provider = "System" Then
'Opening the System Store
certProvider = X509CertificateStore.StoreProvider.System
psError_Msg = "Retrieving certificate data: " & _
"StoreProvider is not SYSTEM Store "
Return Nothing
End If
Dim certStore As X509CertificateStore
'Specify store there certificates reside
If pCert_info.Store_Name.ToUpper = "MY" Then
certStore = New X509CertificateStore(certProvider, _
certLocation, pCert_info.Store_Name)
ElseIf pCert_info.Store_Name.ToUpper = "ROOT" Then
certStore = _
psError_Msg = "Unknown Store"
Return Nothing
End If
' Try opening certificate store store
Dim boolOpen As Boolean = certStore.OpenRead()
Catch ex As Exception
psError_Msg = "Can not open certificate store for Provider:" & _
certProvider & " Location:" & _
certLocation & " Store Name:" & _
Return Nothing
End Try
Dim cersCollection As X509CertificateCollection
If Name <> "" Then
'Search for the certificate in the store based
' on the subject name (exact match)
cersCollection = certStore.FindCertificateBySubjectString(Name)
cersCollection = certStore.Certificates
End If
Return cersCollection
End Function

After getting all the certificates from the store, we can get all the information about individual certificates, as needed.

txtName.Text= certMy.GetName
txtHash.Text = System.Convert.ToBase64String(certMy.GetKeyIdentifier)

I also do a check to make sure I have the private key if I need to use the RSACryptoServiceProvider.

rsaCSP = CType(certMy.Key, RSACryptoServiceProvider)
MsgBox("You have access to private keys on this certificate", _
'Here you can start encrypting stuff
Catch ex As Exception
MsgBox("Error Getting RSACryptoServiceProvider" & _
ex.Message, MsgBoxStyle.Critical)
End Try


Even though this code is not really complicated, it becomes handy when you need to use certificate hashes since you will not be able to use that from the Certificate console. Please note that certMy has a lot of properties that you can use.

How would you rate this article?

Questions? Comments?

Want to get started?