c# - .NET Framework X509Certificate2 Class, HasPrivateKey == true && PrivateKey == null?


I'm attempting to work with an X.509 certificate imported into the CurrentUser keystore on a Windows 10 computer using the "Certificates" snap-in of MMC. The same procedure has been tested on a Windows 8.1 computer with the same result.

Using the standard PowerShell PKI module, I'm getting the X509Certificate2 object using Get-Item:

$my_cert = Get-Item Cert:\CurrentUser\My\adaa82188a17thumbprintxxxxxxxxxxx

The output of $my_cert | fl * follows:

PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\xxxxxxxxxxxxxxxxxxx
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName              : xxxxxxxxxxxxxxxxxxx
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Secure Email (1.3.6.1.5.5.7.3.4), IP security user (1.3.6.1.5.5.7.3.7), Encrypting File System (1.3.6.1.4.1.311.10.3.4), Document Signing (1.3.6.1.4.1.311.10.3.12)...}
DnsNameList              : {my name}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId                 : {d52c406f-c279-4bf2-b7c2-ee704290db3e}
Archived                 : False
Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName             :
IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter                 : 4/15/2017 2:15:16 PM
NotBefore                : 4/15/2016 2:15:16 PM
HasPrivateKey            : True
PrivateKey               :
PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
RawData                  : {56, 130, 19, 252...}
SerialNumber             : 4f0000002f700000000000000000000000
SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm       : System.Security.Cryptography.Oid
Thumbprint               : xxxxxxxxxxxxxxxxxxx
Version                  : 3
Handle                   : 2241663016272
Issuer                   : CN=Issuing CA, DC=my, DC=domain, DC=us
Subject                  : E=my.name@my.domain.us, CN=my name

So HasPrivateKey == true and PrivateKey == null. I've been trying to figure out how to gain access to the private key to perform encryption and decryption. The examples I've seen online seem to indicate that the PrivateKey property of the X509Certificate2 class should be readily available, so apparently I've missed something.

I've read similar questions here, such as "Empty PrivateKey in X509Certificate2", but none seem to resolve the issue. I've also read "Eight Tips for Working with X.509 Certificates in .NET" by Paul Stovell, which was enlightening but didn't help. It did help me verify that the private key exists in the correct place and, as far as I can tell, has the correct permissions referenced by the X509Certificate2 class:

C:\Users\my.name\AppData\Roaming\Microsoft\SystemCertificates\My\Keys

The name of the key file matches the Subject Key Identifier on the certificate.

Edit:

The output of certutil -user -store "serial number" is:

Serial Number: 4f000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Issuer: CN=Issuing CA, DC=my, DC=domain, DC=us
 NotBefore: 4/15/2016 2:15 PM
 NotAfter: 4/15/2017 2:15 PM
Subject: E=my.name@my.domain.us, CN=my name
Non-root Certificate
Template: UserV1, User V1
Cert Hash(sha1): ad ab 82 18 8a 17 4d 75 11 04 48 7c 43 43 d4 05 b9 74 c8 4c
  Key Container = te-UserV1-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  Unique container name: fcbba1aa0xxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  Provider = Microsoft Software Key Storage Provider
Encryption test passed
CertUtil: -store command completed successfully.

What "key" piece of information is missing here? Why isn't the private key conveniently referenced by the X509Certificate2 object? How can I gain access to it?

This may indicate one of the following:

1) The private key is stored in a Key Storage Provider (rather than a legacy Crypto Service Provider), which is poorly supported by .NET and is not supported by the PrivateKey property of the X509Certificate2 class at all. You can check by running the following command:

certutil -user -store "<CertSerialNumber>"

2) The private key is missing.

The HasPrivateKey property doesn't necessarily reflect the actual picture and may be true for non-existent keys or false for existing keys. Run the certutil command above to make sure whether the key is present.

In case the private key is present but the bindings are broken, you can try to restore the bindings by running the following command:

certutil -user -repairstore "<CertSerialNumber>"
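One way to diagnose and work around the KSP case from PowerShell, as an added example that is not part of the question or the answer above: it assumes .NET Framework 4.6 or later (where the static RSACertificateExtensions.GetRSAPrivateKey and GetRSAPublicKey methods exist and return an RSACng for KSP-backed keys and an RSACryptoServiceProvider for CSP-backed ones), a placeholder thumbprint that you replace with your own, and an RSA key whose usage permits decryption. The function names Get-UsablePrivateKey and Test-KeyRoundTrip are invented for this example.

```powershell
# Added example, not code from the question or answer above.
# Assumes .NET Framework 4.6+ (RSACertificateExtensions) and Windows PowerShell 5.1.

function Get-UsablePrivateKey {
    # Returns an RSA object for the certificate's private key whether the key lives in a
    # legacy CSP (X509Certificate2.PrivateKey) or in a CNG Key Storage Provider
    # (RSACertificateExtensions.GetRSAPrivateKey, which the PrivateKey property ignores).
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $cert = Get-Item "$StorePath\$Thumbprint" -ErrorAction Stop

    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key associated in the store."
    }

    # Legacy path: populated only when the key sits in a CryptoAPI CSP.
    if ($null -ne $cert.PrivateKey) {
        Write-Verbose "Key is CSP-backed: $($cert.PrivateKey.GetType().Name)"
        return $cert.PrivateKey
    }

    # CNG path. PowerShell does not surface .NET extension methods as instance members,
    # so the extension class is called statically.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) {
        # HasPrivateKey is true but no key can be opened: the store-to-key binding is
        # broken, which is the situation certutil -repairstore is meant to fix.
        throw "HasPrivateKey is true but no RSA key could be opened for $Thumbprint; check with certutil -user -store / -repairstore."
    }
    Write-Verbose "Key is KSP-backed: $($rsa.GetType().Name)"   # RSACng for a CNG key
    return $rsa
}

function Test-KeyRoundTrip {
    # Encrypts a constructed message with the certificate's public key and decrypts it with
    # whichever private-key object Get-UsablePrivateKey returned. Returns $true on success.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $cert = Get-Item "$StorePath\$Thumbprint" -ErrorAction Stop
    $priv = Get-UsablePrivateKey -Thumbprint $Thumbprint -StorePath $StorePath
    $pub  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Constructed sample input; OAEP-SHA1 is accepted by both RSACng and RSACryptoServiceProvider.
    $message = 'constructed round-trip test message'
    $plain   = [System.Text.Encoding]::UTF8.GetBytes($message)
    $padding = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1

    $cipher = $pub.Encrypt($plain, $padding)
    $back   = $priv.Decrypt($cipher, $padding)

    return ([System.Text.Encoding]::UTF8.GetString($back) -eq $message)
}

# Usage (replace the placeholder with a real thumbprint from Cert:\CurrentUser\My):
# Test-KeyRoundTrip -Thumbprint 'ADAA82188A17THUMBPRINTPLACEHOLDER' -Verbose
```

Run Test-KeyRoundTrip with -Verbose to see which branch was taken: a "KSP-backed: RSACng" message matches the certutil output above ("Provider = Microsoft Software Key Storage Provider") and explains the empty PrivateKey property, while an exception from Get-UsablePrivateKey despite HasPrivateKey being true points at the broken-binding case that certutil -user -repairstore addresses.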
