All geek questions in one place

Can sn.exe use the Windows certificate store?

To sign the assembly with sn.exe in .NET, you can specify a public key for which the private key is contained only in the Windows CryptoAPI key store?

I see a parameter to specify the name of the CSP and the name of the container.

Are there any values ​​for accessing Windows certificates? (i.e. accessible from Windows EFS, Outlook, Internet Explorer, etc.)

Thanks.

Comment: In particular, I ask about this because there are several keys that do not have a private key marked as exportable, so I cannot export .pfx and follow this route.

+3
source share
1

.

, Windows, , . ( -, ​​ Yubikey, - OS ).

, , , .

, -, .

PowerShell :

Set-Location "cert:\Path\To\Your\Certificate"
# Usually "cert:\CurrentUser\My" is what you want
$cert=Get-Item ".\(your-certificate-thumbprint)"

CSP, ( -, CSP )

$cert=Get-Item .\(ThumbprintOfYourKey)
$cert.PrivateKey.CspKeyContainerInfo | fl *

- :

MachineKeyStore        : False
ProviderName           : Microsoft Base Smart Card Crypto Provider
ProviderType           : 1
KeyContainerName       : c0f031c2-0b5e-171b-d552-fab7345fc10a
UniqueKeyContainerName : c0f031c2-0b5e-171b-d552-fab7345fc10a
KeyNumber              : Signature
Exportable             : False
HardwareDevice         : True
Removable              : True
Accessible             : True
Protected              : True
CryptoKeySecurity      : System.Security.AccessControl.CryptoKeySecurity
RandomlyGenerated      : False

, Yubikey, CSP "Microsoft Base Smart Card Crypto Provider". , , , :

sn.exe -c "Microsoft Base Smart Card Crypto Provider"

- , ( , , , ).

: sn.exe, , ( "" ), -, sn.exe -Rc "your-container-name" "key.snk" : AssemblyKeyNameAttribute AssemblyInfo.cs :

[assembly: AssemblyKeyNameAttribute("Your Key Container Name")]

. , , CSP sn.exe -c, , " " ( ).

-1

Source: https://habr.com/ru/post/1710501/

More articles:


All Articles