当前位置: 文江博客话题详情

从 DoD CAC 卡获取客户端证书

发布于 2024-12-11 18:46:28 字数 323 浏览 0 评论 0原文

我有一个使用 LibCurl 的 C 应用程序(LibCurl 是一个与 Web 服务器建立 HTTP 连接的 C API)。使用 LibCurl,我需要从需要客户端证书的 HTTPS 服务器下载文件。

到目前为止,我们的技术解决方案效果很好。

我的问题是我们需要使用的客户端证书驻留在 DoD CAC 卡上。我需要能够从 DOD CAC 卡中提取客户端证书(从我的 C 应用程序中),并将其写入文件或仅引用 CAC 上的文件。然后,此写入或引用的文件将被指定为我的 HTTPS 连接中的客户端证书。

我不知道如何从 DoD CAC 卡中查找或引用客户端证书。非常感谢任何帮助。谢谢。

原文

I have a C application that uses LibCurl (LibCurl is a C API that makes an HTTP connection to a web server). Using LibCurl I need to download a file from an HTTPS server that requires a client certificate.

So far our technical solution works great.

My problem is that the client certificate that we need to use resides on a DoD CAC card. I need to be able to pull the client certificate off of the DOD CAC card (from within my C app) and either write it to a file or just reference the file on the CAC. This written or referenced file will then be specified as my client certificate in my HTTPS connection.

I do not know how to locate or reference the client certificate off the DoD CAC Card. Any help is very much appreciated. Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

维持三分热 2024-12-18 18:46:28

当 activeClient 将 CAC 卡证书发布到 Windows 时,它应该将证书导出到存储区。您可能需要自动将证书从本地证书存储导出到 .pfx 或 .p7b 格式等文件。也许.cer,我不知道这是否可能。它需要受到密码保护。

我认为如果没有中间层(如证书存储),您无法直接从 CAC 卡执行此操作。

When activeClient publishes the CAC card certs to windows it should export the certs to the store. You may need to automate the exporting of the certificate from your local cert store to a file like .pfx or .p7b format. Maybe .cer, I don't know if that's possible. It'll need to be pwd protected.

I don't think you can do it directly from the CAC card without an intermediary middle layer (like the cert store).

回复 原文
往昔成烟 2024-12-18 18:46:28

这是 C# 的方法,它可能对 C 有帮助,我真的不熟悉 C 代码。

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
private static X509Certificate GetClientCert()
{
  X509Store store = null;
  try
   {
    store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

    var certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Integration Client Certificate", true);
    if (certs.Count == 1)
    {
       var cert = certs[0];
       return cert;
    }
   }
   finally
   {
    if (store != null)
    store.Close();
   }

 return null;
}

获取和导出证书的代码是

//This will bring up the selection prompt to select your cert


X509Certificate c = GetClientCert();


//The password should be the pin converted to a secure string variable.
//note the code above will not prompt for a pin if you want this you will have to build the prompt yourself.  It will only select the certificate.

c.Export(X509ContentType.Cert, securestring password);

导出方法有多种导出类型我不确定其中是否是您所指的格式。这是你需要玩的东西。我什至不确定您是否能够在 C 中使用这些库,但以防万一您可以我发布它们。

This is the method for C# it may help with C I'm really not familiar with C code.

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
private static X509Certificate GetClientCert()
{
  X509Store store = null;
  try
   {
    store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

    var certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Integration Client Certificate", true);
    if (certs.Count == 1)
    {
       var cert = certs[0];
       return cert;
    }
   }
   finally
   {
    if (store != null)
    store.Close();
   }

 return null;
}

The code to get and export the cert is

//This will bring up the selection prompt to select your cert


X509Certificate c = GetClientCert();


//The password should be the pin converted to a secure string variable.
//note the code above will not prompt for a pin if you want this you will have to build the prompt yourself.  It will only select the certificate.

c.Export(X509ContentType.Cert, securestring password);

The export method has various types to export to I am not sure if one will be the format you are referring to. This is something you will need to play with. I am not even sure you will be able to use those libraries in C but just in case you could I posted them.

回复 原文
~没有更多了~

关于作者

瀟灑尐姊

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

醉城メ夜风

文章 0 评论 0

远昼

文章 0 评论 0

平生欢

文章 0 评论 0

微凉

文章 0 评论 0

Honwey

文章 0 评论 0

qq_ikhFfg

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文