Archived Forum Post


Question:

Need ASP.NET Core application that will read an X509 certificate from a smart card

May 09 '17 at 16:41

I am assigned the task of creating a sample ASP.NET Core application that will read an X509 certificate from a smart card. How do I do that?

I am used to performing these functions from Active Directory, so I have no idea..


Answer

A smart card protects the private key. There is no need to protect the certificate itself. The purpose of the smart card is for the protection of the private key that is associated with the certificate. An X509 certificate contains the public part of the key within its contents.

So.. what you want to do is install the certificate on the Windows computer/server where your ASP.NET Core application will be running. The smart card vendor probably provided some files w/ or without instructions on how to do it. Once you've installed the cert on the computer, you should be able to see it in the Microsoft Certificate Management console. Go to the Windows Start menu, click on "Run.." and then type "certmgr.msc". Look in the Certificates -- Current User / Personal / Certificates.

Once installed there, you can use it (and the private key on the smart card) just like you would use any certificate. For example, see https://www.example-code.com/csharp/crypt_create_p7m_using_installed_cert.asp

Chilkat will automatically see that the private key is non-exportable, and will defer to the Microsoft Crypto-API to do the work. It will automatically use the smart card for PKI operations (signing, decrypting, etc.). However, you may be limited to whatever functionality/algorithms are supported by the vendor's CSP. If you need to do something it doesn't support, then you're out of luck.
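The store lookup the answer describes, as an added example that is not part of the original post and is not Chilkat code: it uses .NET's built-in `System.Security.Cryptography.X509Certificates` classes to read the certificate from Current User / Personal and sign with the card-held key. The thumbprint is a placeholder, the message is constructed sample data, and an RSA key is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SmartCardCertDemo
{
    // Placeholder: use the thumbprint shown for your certificate in certmgr.msc.
    const string Thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";

    static X509Certificate2 FindCert(string thumbprint)
    {
        // StoreName.My + CurrentUser == "Certificates -- Current User / Personal".
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false returns the cert even if its chain cannot be built here.
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            return hits.Count > 0 ? hits[0] : null;
        }
    }

    static void Main()
    {
        var cert = FindCert(Thumbprint);
        if (cert == null) { Console.Error.WriteLine("Certificate not found in store."); return; }
        Console.WriteLine($"Subject: {cert.Subject}, expires {cert.NotAfter:u}");

        // True when the store entry links to a key container; the card may still be absent.
        if (!cert.HasPrivateKey) { Console.Error.WriteLine("No private key linked."); return; }

        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        try
        {
            using (RSA priv = cert.GetRSAPrivateKey())   // handle only; key never leaves the card
            using (RSA pub = cert.GetRSAPublicKey())
            {
                if (priv == null) { Console.Error.WriteLine("Key is not RSA."); return; }
                byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("Signature verifies: " +
                    pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }
        }
        catch (CryptographicException ex)
        {
            // Card removed, PIN cancelled, or the vendor CSP lacks the requested algorithm.
            Console.Error.WriteLine("Smart card operation failed: " + ex.Message);
        }
    }
}
```

The Current User store belongs to the account the process runs as, so an ASP.NET Core app hosted under a service or app-pool identity sees that identity's Personal store, not the store of the user who installed the certificate.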