我想将证书添加到X509Store。我可以从.pfx文件中添加证书。但我想从DSC令牌添加证书。怎么做到这一点?
private static void InstallCertificate(string cerFileName)
{
X509Certificate2 certificate = new X509Certificate2(cerFileName);
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
}
这里cerFileName是.pfx文件的路径,但是我没有pfx文件。我正在使用DSC令牌,所以我想将此证书添加到X509Store。如何从DSC令牌添加证书?
答案 0 :(得分:0)
如果您的DSC令牌与其他Windows加密作为智能卡一起使用,则certutil工具将有所帮助。该工具将证书从其认为是智能卡的任何设备上复制并注册私钥地址(在智能卡上):
C:\Users\jbarton>certutil -scinfo -silent
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Gemplus USB Smart Card Reader 0
--- Reader: Gemplus USB Smart Card Reader 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
--- Card: Axalto Cryptoflex .NET
--- ATR:
3b 16 96 41 73 74 72 69 64 ;..Astrid
=======================================================
Analyzing card in reader: Gemplus USB Smart Card Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemplus USB Smart Card Reader 0
--- Card: Axalto Cryptoflex .NET
Provider = Microsoft Base Smart Card Crypto Provider
[SNIP bunch of less useful stuff]
CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000041
Issuer: CN=Mister Issuer, DC=Authority, DC=PKI
NotBefore: 6/17/2013 4:26 PM
NotAfter: 6/17/2014 4:26 PM
Subject: CN=Jeremy Barton, OU=Users, DC=PKI
[more SNIPping]
--------------===========================--------------
使用MMC查看CurrentUser \ My store(certmgr.msc,Personal-> Certificates)应显示该命令后来自智能卡的证书。出于某种原因,我昨天遇到了一个命令运行的案例,我在MMC中看到了它,但是一个打开X509Store的工具
找到新证书并使用它并没有找到它几秒钟(2秒后没有工作,但在我检查了电子邮件并再次尝试后工作)。
(是的,我知道我的测试智能卡已经很老了。但是,是的,certutil -scinfo无论如何都要复制它,因为它仍然在智能卡上,所以它对某人(我!)仍然有用。) / p>
不要忘记-silent,否则您会收到PIN提示。很多。