Export (0) Print
Expand All

X509Certificate2 Class

Represents an X.509 certificate.

System.Object
  System.Security.Cryptography.X509Certificates.X509Certificate
    System.Security.Cryptography.X509Certificates.X509Certificate2

Namespace:  System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

[SerializableAttribute]
public class X509Certificate2 : X509Certificate

The X509Certificate2 type exposes the following members.

  NameDescription
Public methodX509Certificate2()Initializes a new instance of the X509Certificate2 class.
Public methodX509Certificate2(Byte[])Initializes a new instance of the X509Certificate2 class using information from a byte array.
Public methodX509Certificate2(IntPtr)Initializes a new instance of the X509Certificate2 class using an unmanaged handle.
Public methodX509Certificate2(String)Initializes a new instance of the X509Certificate2 class using a certificate file name.
Public methodX509Certificate2(X509Certificate)Initializes a new instance of the X509Certificate2 class using an X509Certificate object.
Public methodX509Certificate2(Byte[], SecureString)Initializes a new instance of the X509Certificate2 class using a byte array and a password.
Public methodX509Certificate2(Byte[], String)Initializes a new instance of the X509Certificate2 class using a byte array and a password.
Protected methodX509Certificate2(SerializationInfo, StreamingContext)Initializes a new instance of the X509Certificate2 class using the specified serialization and stream context information.
Public methodX509Certificate2(String, SecureString)Initializes a new instance of the X509Certificate2 class using a certificate file name and a password.
Public methodX509Certificate2(String, String)Initializes a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate.
Public methodX509Certificate2(Byte[], SecureString, X509KeyStorageFlags)Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.
Public methodX509Certificate2(Byte[], String, X509KeyStorageFlags)Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.
Public methodX509Certificate2(String, SecureString, X509KeyStorageFlags)Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.
Public methodX509Certificate2(String, String, X509KeyStorageFlags)Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag.
Top

  NameDescription
Public propertyArchivedGets or sets a value indicating that an X.509 certificate is archived.
Public propertyExtensionsGets a collection of X509Extension objects.
Public propertyFriendlyNameGets or sets the associated alias for a certificate.
Public propertyHandleGets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure. (Inherited from X509Certificate.)
Public propertyHasPrivateKeyGets a value that indicates whether an X509Certificate2 object contains a private key.
Public propertyIssuerGets the name of the certificate authority that issued the X.509v3 certificate. (Inherited from X509Certificate.)
Public propertyIssuerNameGets the distinguished name of the certificate issuer.
Public propertyNotAfterGets the date in local time after which a certificate is no longer valid.
Public propertyNotBeforeGets the date in local time on which a certificate becomes valid.
Public propertyPrivateKeyGets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.
Public propertyPublicKeyGets a PublicKey object associated with a certificate.
Public propertyRawDataGets the raw data of a certificate.
Public propertySerialNumberGets the serial number of a certificate.
Public propertySignatureAlgorithmGets the algorithm used to create the signature of a certificate.
Public propertySubjectGets the subject distinguished name from the certificate. (Inherited from X509Certificate.)
Public propertySubjectNameGets the subject distinguished name from a certificate.
Public propertyThumbprintGets the thumbprint of a certificate.
Public propertyVersionGets the X.509 format version of a certificate.
Top

  NameDescription
Public methodEquals(Object)Compares two X509Certificate objects for equality. (Inherited from X509Certificate.)
Public methodEquals(X509Certificate)Compares two X509Certificate objects for equality. (Inherited from X509Certificate.)
Public methodExport(X509ContentType)Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values. (Inherited from X509Certificate.)
Public methodExport(X509ContentType, SecureString)Exports the current X509Certificate object to a byte array using the specified format and a password. (Inherited from X509Certificate.)
Public methodExport(X509ContentType, String)Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values, and using the specified password. (Inherited from X509Certificate.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodStatic memberGetCertContentType(Byte[])Indicates the type of certificate contained in a byte array.
Public methodStatic memberGetCertContentType(String)Indicates the type of certificate contained in a file.
Public methodGetCertHashReturns the hash value for the X.509v3 certificate as an array of bytes. (Inherited from X509Certificate.)
Public methodGetCertHashStringReturns the SHA1 hash value for the X.509v3 certificate as a hexadecimal string. (Inherited from X509Certificate.)
Public methodGetEffectiveDateStringReturns the effective date of this X.509v3 certificate. (Inherited from X509Certificate.)
Public methodGetExpirationDateStringReturns the expiration date of this X.509v3 certificate. (Inherited from X509Certificate.)
Public methodGetFormatReturns the name of the format of this X.509v3 certificate. (Inherited from X509Certificate.)
Public methodGetHashCodeReturns the hash code for the X.509v3 certificate as an integer. (Inherited from X509Certificate.)
Public methodGetIssuerName Obsolete. Returns the name of the certification authority that issued the X.509v3 certificate. (Inherited from X509Certificate.)
Public methodGetKeyAlgorithmReturns the key algorithm information for this X.509v3 certificate as a string. (Inherited from X509Certificate.)
Public methodGetKeyAlgorithmParametersReturns the key algorithm parameters for the X.509v3 certificate as an array of bytes. (Inherited from X509Certificate.)
Public methodGetKeyAlgorithmParametersStringReturns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string. (Inherited from X509Certificate.)
Public methodGetName Obsolete. Returns the name of the principal to which the certificate was issued. (Inherited from X509Certificate.)
Public methodGetNameInfoGets the subject and issuer names from a certificate.
Public methodGetPublicKeyReturns the public key for the X.509v3 certificate as an array of bytes. (Inherited from X509Certificate.)
Public methodGetPublicKeyStringReturns the public key for the X.509v3 certificate as a hexadecimal string. (Inherited from X509Certificate.)
Public methodGetRawCertDataReturns the raw data for the entire X.509v3 certificate as an array of bytes. (Inherited from X509Certificate.)
Public methodGetRawCertDataStringReturns the raw data for the entire X.509v3 certificate as a hexadecimal string. (Inherited from X509Certificate.)
Public methodGetSerialNumberReturns the serial number of the X.509v3 certificate as an array of bytes. (Inherited from X509Certificate.)
Public methodGetSerialNumberStringReturns the serial number of the X.509v3 certificate as a hexadecimal string. (Inherited from X509Certificate.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodImport(Byte[])Populates an X509Certificate2 object with data from a byte array. (Overrides X509Certificate.Import(Byte[]).)
Public methodImport(String)Populates an X509Certificate2 object with information from a certificate file. (Overrides X509Certificate.Import(String).)
Public methodImport(Byte[], SecureString, X509KeyStorageFlags)Populates an X509Certificate2 object using data from a byte array, a password, and a key storage flag. (Overrides X509Certificate.Import(Byte[], SecureString, X509KeyStorageFlags).)
Public methodImport(Byte[], String, X509KeyStorageFlags)Populates an X509Certificate2 object using data from a byte array, a password, and flags for determining how to import the private key. (Overrides X509Certificate.Import(Byte[], String, X509KeyStorageFlags).)
Public methodImport(String, SecureString, X509KeyStorageFlags)Populates an X509Certificate2 object with information from a certificate file, a password, and a key storage flag. (Overrides X509Certificate.Import(String, SecureString, X509KeyStorageFlags).)
Public methodImport(String, String, X509KeyStorageFlags)Populates an X509Certificate2 object with information from a certificate file, a password, and a X509KeyStorageFlags value. (Overrides X509Certificate.Import(String, String, X509KeyStorageFlags).)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodResetResets the state of an X509Certificate2 object. (Overrides X509Certificate.Reset().)
Public methodToString()Displays an X.509 certificate in text format. (Overrides X509Certificate.ToString().)
Public methodToString(Boolean)Displays an X.509 certificate in text format. (Overrides X509Certificate.ToString(Boolean).)
Public methodVerifyPerforms a X.509 chain validation using basic validation policy.
Top

  NameDescription
Explicit interface implemetationPrivate methodIDeserializationCallback.OnDeserializationImplements the ISerializable interface and is called back by the deserialization event when deserialization is complete. (Inherited from X509Certificate.)
Explicit interface implemetationPrivate methodISerializable.GetObjectDataGets serialization information with all the data needed to recreate an instance of the current X509Certificate object. (Inherited from X509Certificate.)
Top

The X.509 structure originated in the International Organization for Standardization (ISO) working groups. This structure can be used to represent various types of information including identity, entitlement, and holder attributes (permissions, age, sex, location, affiliation, and so forth). Although the ISO specifications are most informative on the structure itself, the X509Certificate2 class is designed to model the usage scenarios defined in specifications issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure, X.509 (PKIX) working group. The most informative of these specifications is RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile."

The following example demonstrates how to use an X509Certificate2 object to encrypt and decrypt a file.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and  
// place it in the local user store.  
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:  

//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
    class Program
    {

        // Path variables for source, encryption, and 
        // decryption folders. Must end with a backslash. 
        private static string encrFolder = @"C:\Encrypt\";
        private static string decrFolder = @"C:\Decrypt\";
        private static string originalFile = "TestData.txt";
        private static string encryptedFile = "TestData.enc";

        static void Main(string[] args)
        {

            // Create an input file with test data.
            StreamWriter sw = File.CreateText(originalFile);
            sw.WriteLine("Test data to be encrypted");
            sw.Close();

            // Get the certifcate to use to encrypt the key.
            X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
            if (cert == null)
            {
                Console.WriteLine("Certificatge 'CN=CERT_SIGN_TEST_CERT' not found.");
                Console.ReadLine();
            }


            // Encrypt the file using the public key from the certificate.
            EncryptFile(originalFile, (RSACryptoServiceProvider)cert.PublicKey.Key);

            // Decrypt the file using the private key from the certificate.
            DecryptFile(encryptedFile, (RSACryptoServiceProvider)cert.PrivateKey);

            //Display the original data and the decrypted data.
            Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile));
            Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
        }
        private static X509Certificate2 GetCertificateFromStore(string certName)
        {

            // Get the certificate store for the current user.
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // Place all certificates in an X509Certificate2Collection object.
                X509Certificate2Collection certCollection = store.Certificates;
                // If using a certificate with a trusted root you do not need to FindByTimeValid, instead: 
                // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
                if (signingCert.Count == 0)
                    return null;
                // Return the first certificate in the collection, has the right name and is current. 
                return signingCert[0];
            }
            finally
            {
                store.Close();
            }

        }

        // Encrypt a file using a public key. 
        private static void EncryptFile(string inFile, RSACryptoServiceProvider rsaPublicKey)
        {
            using (AesManaged aesManaged = new AesManaged())
            {
                // Create instance of AesManaged for 
                // symetric encryption of the data.
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;
                using (ICryptoTransform transform = aesManaged.CreateEncryptor())
                {
                    RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
                    byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType());

                    // Create byte arrays to contain 
                    // the length values of the key and IV. 
                    byte[] LenK = new byte[4];
                    byte[] LenIV = new byte[4];

                    int lKey = keyEncrypted.Length;
                    LenK = BitConverter.GetBytes(lKey);
                    int lIV = aesManaged.IV.Length;
                    LenIV = BitConverter.GetBytes(lIV);

                    // Write the following to the FileStream 
                    // for the encrypted file (outFs): 
                    // - length of the key 
                    // - length of the IV 
                    // - ecrypted key 
                    // - the IV 
                    // - the encrypted cipher content 

                    int startFileName = inFile.LastIndexOf("\\") + 1;
                    // Change the file's extension to ".enc" 
                    string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
                    Directory.CreateDirectory(encrFolder);

                    using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                    {

                        outFs.Write(LenK, 0, 4);
                        outFs.Write(LenIV, 0, 4);
                        outFs.Write(keyEncrypted, 0, lKey);
                        outFs.Write(aesManaged.IV, 0, lIV);

                        // Now write the cipher text using 
                        // a CryptoStream for encrypting. 
                        using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                        {

                            // By encrypting a chunk at 
                            // a time, you can save memory 
                            // and accommodate large files. 
                            int count = 0;
                            int offset = 0;

                            // blockSizeBytes can be any arbitrary size. 
                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];
                            int bytesRead = 0;

                            using (FileStream inFs = new FileStream(inFile, FileMode.Open))
                            {
                                do
                                {
                                    count = inFs.Read(data, 0, blockSizeBytes);
                                    offset += count;
                                    outStreamEncrypted.Write(data, 0, count);
                                    bytesRead += blockSizeBytes;
                                }
                                while (count > 0);
                                inFs.Close();
                            }
                            outStreamEncrypted.FlushFinalBlock();
                            outStreamEncrypted.Close();
                        }
                        outFs.Close();
                    }
                }
            }
        }


        // Decrypt a file using a private key. 
        private static void DecryptFile(string inFile, RSACryptoServiceProvider rsaPrivateKey)
        {

            // Create instance of AesManaged for 
            // symetric decryption of the data. 
            using (AesManaged aesManaged = new AesManaged())
            {
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;

                // Create byte arrays to get the length of 
                // the encrypted key and IV. 
                // These values were stored as 4 bytes each 
                // at the beginning of the encrypted package. 
                byte[] LenK = new byte[4];
                byte[] LenIV = new byte[4];

                // Consruct the file name for the decrypted file. 
                string outFile = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt";

                // Use FileStream objects to read the encrypted 
                // file (inFs) and save the decrypted file (outFs). 
                using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
                {

                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Read(LenK, 0, 3);
                    inFs.Seek(4, SeekOrigin.Begin);
                    inFs.Read(LenIV, 0, 3);

                    // Convert the lengths to integer values. 
                    int lenK = BitConverter.ToInt32(LenK, 0);
                    int lenIV = BitConverter.ToInt32(LenIV, 0);

                    // Determine the start postition of 
                    // the ciphter text (startC) 
                    // and its length(lenC). 
                    int startC = lenK + lenIV + 8;
                    int lenC = (int)inFs.Length - startC;

                    // Create the byte arrays for 
                    // the encrypted AesManaged key, 
                    // the IV, and the cipher text. 
                    byte[] KeyEncrypted = new byte[lenK];
                    byte[] IV = new byte[lenIV];

                    // Extract the key and IV 
                    // starting from index 8 
                    // after the length values.
                    inFs.Seek(8, SeekOrigin.Begin);
                    inFs.Read(KeyEncrypted, 0, lenK);
                    inFs.Seek(8 + lenK, SeekOrigin.Begin);
                    inFs.Read(IV, 0, lenIV);
                    Directory.CreateDirectory(decrFolder);
                    // Use RSACryptoServiceProvider 
                    // to decrypt the AesManaged key. 
                    byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, false);

                    // Decrypt the key. 
                    using (ICryptoTransform transform = aesManaged.CreateDecryptor(KeyDecrypted, IV))
                    {

                        // Decrypt the cipher text from 
                        // from the FileSteam of the encrypted 
                        // file (inFs) into the FileStream 
                        // for the decrypted file (outFs). 
                        using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                        {

                            int count = 0;
                            int offset = 0;

                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];

                            // By decrypting a chunk a time, 
                            // you can save memory and 
                            // accommodate large files. 

                            // Start at the beginning 
                            // of the cipher text.
                            inFs.Seek(startC, SeekOrigin.Begin);
                            using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                            {
                                do
                                {
                                    count = inFs.Read(data, 0, blockSizeBytes);
                                    offset += count;
                                    outStreamDecrypted.Write(data, 0, count);

                                }
                                while (count > 0);

                                outStreamDecrypted.FlushFinalBlock();
                                outStreamDecrypted.Close();
                            }
                            outFs.Close();
                        }
                        inFs.Close();
                    }

                }

            }
        }

    }
}

The following example creates a command-line executable that takes a certificate file as an argument and prints various certificate properties to the console.

using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;


class CertInfo
{
	//Reads a file. 
	internal static byte[] ReadFile (string fileName)
	{
		FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
		int size = (int)f.Length;
		byte[] data = new byte[size];
		size = f.Read(data, 0, size);
		f.Close();
		return data;
	}
	//Main method begins here. 
	static void Main(string[] args)
	{
		//Test for correct number of arguments. 
		if (args.Length < 1)
		{
			Console.WriteLine("Usage: CertInfo <filename>");
			return;
		}
		try
		{
			X509Certificate2 x509 = new X509Certificate2();
			//Create X509Certificate2 object from .cer file. 
			byte[] rawData = ReadFile(args[0]);

			x509.Import(rawData);

			//Print to console information contained in the certificate.
			Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine,x509.Subject);
			Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine,x509.Issuer);
			Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine,x509.Version);
			Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine,x509.NotBefore);
			Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine,x509.NotAfter);
			Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine,x509.Thumbprint);
			Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine,x509.SerialNumber);
			Console.WriteLine("{0}Friendly Name: {1}{0}", 								Environment.NewLine,x509.PublicKey.Oid.FriendlyName);
			Console.WriteLine("{0}Public Key Format: {1}{0}", 											Environment.NewLine,x509.PublicKey.EncodedKeyValue.Format(true));
			Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine,x509.RawData.Length);
			Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine,x509.ToString(true));

			Console.WriteLine("{0}Certificate to XML String: {1}{0}", 								Environment.NewLine,x509.PublicKey.Key.ToXmlString(false));

			//Add the certificate to a X509Store.
			X509Store store = new X509Store();
			store.Open(OpenFlags.MaxAllowed);
			store.Add(x509);
			store.Close();
		}

		catch (DirectoryNotFoundException)
			{
				   Console.WriteLine("Error: The directory specified could not be found.");
			}
		catch (IOException)
			{
				Console.WriteLine("Error: A file in the directory could not be accessed.");
			}
		catch (NullReferenceException)
			{
				Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
			}
	}

}

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft