从 X509Store 获取 X509Certificate 时提示用户输入密码?
我有一个 C# 表单(在客户端计算机上运行),它从商店收集所有用户 X509Certificates,将它们呈现给用户,以便他们可以选择他们想要使用的证书。 然后我将证书传递给网络服务来做一些工作。 这一切都很棒! 问题是,用户从未被提示输入 X509Certificate 密码? 当我从商店获得 X509Certificate 后,我找不到“检查密码”的方法。 我还考虑过使用 X509Certificate 构造函数,它需要路径和密码,但我没有看到从我从商店抓取的 X509Certificate 获取文件路径和名称的方法? 仅从商店获取证书而不询问用户密码是否安全?
这就是我从商店获取的信息:
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
for (int i = 0; i < store.Certificates.Count; i++)
{
X509Certificate c = store.Certificates[i];
...//add to GUI for user to pick here....
}
感谢您的帮助, 史蒂夫
I have a C# form (running on the client machine) which gathers all the user X509Certificates from the store, presents them to the user so they can pick the one they want to use. Then I pass the cert off to a webservice to do some work.
This all works great!
Problem is, the user is never prompted for the X509Certificate password? I can't find a method to "check password" once I have the X509Certificate from the store. I also thought about using the X509Certificate constructor, which needs the path and password, but I don't see a method to get the file path and name from the X509Certificate I grabbed from the store?
Is it secure to just grab the certificate from the store and not ask for the user's password?
This is how I'm grabbing from the store:
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
for (int i = 0; i < store.Certificates.Count; i++)
{
X509Certificate c = store.Certificates[i];
...//add to GUI for user to pick here....
}
Thanks for any help,
Steve
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这取决于证书的私钥是否受密码保护。 如果您从商店访问此类证书,Windows 应提示您输入它。
it depends wether the certificate's private key is protected by a password or not. If you accecss such a certificate from the store, windows should prompt you to enter it.
如果您选择使用来自加密设备(如 eToken 或智能卡)的证书,系统将自动提示您输入密码(设备密码,而不是证书)。 在其他情况下,我认为你不应该关心它。 您可以在 Windows 中轻松访问本地商店,无需任何密码,那么为什么要在应用程序中对它们进行密码保护呢?
If you choose to use a certificate from cryptographic device like eToken or SmartCard you will be automatically prompted to enter the password (password for the device, not certificate). In other cases I don't think you should care about it. You can easily access the local store without any passwords in Windows, so why would you pass-protect them in the app.