.NET and the XAdES standard

Hi all, You may know already that the SignedXml class in .NET doesn't support the XML Advanced Electronic Signatures (XAdES) standard (more info here: Which standards does SignedXml support?). Fortunately, my colleagues in Microsoft France developed a XAdES library for .NET (Microsoft.Xades.dll) that they published on this French site: Kit de démarrage « Signature avancée (XAdES) pour Microsoft .NET…


How to remove a certificate from a certificate store programmatically (PowerShell)

Hi all, The following sample will remove a certificate from MY certificate store of the local machine after locating it by serial number:

    # Pass Serial Number of the cert you want to remove
    param ($serialNumber = $(throw "Please pass a certificate's serial number to the script"))
    # Access MY store of Local Machine profile…


How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)

Hi all, The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs:

    # Get all certs in MY store of Local Machine profile
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
    $store.Open("ReadOnly")
    $store.Certificates…


Big delay when calling SslStream.AuthenticateAsClient

Hi all, Some time ago I had a customer who was opening an SSL connection in his C# application, and he was calling SslStream.AuthenticateAsClient. His problem was that this call was taking around 15 seconds for each connection he made. I debugged the issue and saw that the time that SslStream.AuthenticateAsClient was taking went to…


How to verify validity of certificates with .NET

Hi all, The other day a customer of mine was trying to verify the validity of a certificate with .NET code like the following:

    Dim cert As X509Certificate2 = New X509Certificate2(filename)
    Dim chain As New X509Chain()
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online
    chain.ChainPolicy.VerificationFlags = _
        X509VerificationFlags.IgnoreCtlSignerRevocationUnknown Or _
        X509VerificationFlags.IgnoreRootRevocationUnknown Or _
        X509VerificationFlags.IgnoreEndRevocationUnknown Or…


X509Certificate2 raises "The Smart card resource manager is not running" exception

Hi all, Some time ago a customer of mine was getting a CryptographicException with message "The Smart card resource manager is not running" when using an X509Certificate2 object in a Windows service. This was the call stack at the point of exception:

    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer,…


How to verify signatures using a temporary keyset in .NET

Hi all, Some time ago a customer of mine had issues verifying signatures with RSACryptoServiceProvider when users had a mandatory and/or roaming profile, as he was getting the following exception: "System.Security.Cryptography.CryptographicException: Cryptographic Service Provider (CSP) for this implementation could not be acquired". I already talked about this: RSACryptoServiceProvider fails when used with mandatory profiles….


Unable to import a key into KeyNumber.Signature with RSACryptoServiceProvider

Hi all, The other day a customer of mine was having an issue when importing key pairs with .NET’s RSACryptoServiceProvider. When setting KeyNumber parameter to KeyNumber.Exchange everything seems to be fine. But when setting the KeyNumber parameter to KeyNumber.Signature the key pair is imported to the KeyNumber.Exchange slot just as if you haven’t set the KeyNumber…


Big delay when calling X509Certificate2 constructor

Hi all, The other day a customer of mine was experiencing big delays when making this kind of call to the X509Certificate2 constructor:

    X509Certificate2 cert = new X509Certificate2(byteArray);

Sometimes this process was almost instant, sometimes it took up to 2 minutes to create the object!!! During the reproduction of the issue, CPU usage was very high….


EnvelopedCMS throws an "ASN1 out of memory" exception with files larger than 5 MB

Hi all, When using .NET's EnvelopedCMS to decode a file that is larger than 5 MB, you may get the following exception on Windows 7/Server 2008 R2:

    Unhandled Exception: System.Security.Cryptography.CryptographicException: ASN1 out of memory.
       at System.Security.Cryptography.Pkcs.EnvelopedCms.OpenToDecode(Byte[] encodedMessage)
       at System.Security.Cryptography.Pkcs.EnvelopedCms.Decode(Byte[] encodedMessage)

This simple code reproduces the issue:

    byte[] encryptedContent = File.ReadAllBytes(@"c:\EncryptedFile.test");
    EnvelopedCms cms = new EnvelopedCms();…