I am fetching my organization's applications using the MS Graph API, and I am attempting to read the thumbprints of the certificates attached to each. It returns a byte[] but I can't seem to find the right encoding to convert to string.
The graph API returns a list of Application objects, which have a KeyCredentials enumerable, and finally a CustomKeyIdentifier, which should be the thumbprint. See this Microsoft page for more details on KeyCredentials.
The code I have tried is
System.Text.Encoding.ASCII.GetString(credential.CustomKeyIdentifier);
This returns gibberish characters, presumably because the encoding is incorrect, but I have tried every other encoding option available in Text.Encoding to no avail. How can I convert the CustomKeyIdentifier to a string?
It should be a Base64 string so
System.Convert.ToBase64String(credential.CustomKeyIdentifier);
Or if you want the Hex version which is generally what people want when looking at the thumbprint it would be
BitConverter.ToString(credential.CustomKeyIdentifier).Replace("-","");
Related
I have an API that creates and exports certificates, I also have access to the UI to export them manually. The problem here is: when I export a cert using c# the API returns a well-formed base64 string, if I take this string and convert it to an X.509 object it still works, but, when I export this to a cert file it seems to be insecure. If I export the certificate manually it returns the exact base64 string, but it seems to be secure and well-formed.
So, what's the difference? or how could I export the base64 string to a cert file while avoiding insecurity issues?
Thanks in advance.
My current approach is:
File.WriteAllBytes("certification.cer", GetCertificate(base64).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
And:
File.WriteAllBytes("certification.cer", Convert.FromBase64String(base64))
I am trying to consume a Java web service from a C# client. The service requires BinarySecurityToken element with value type X509PKIPathv1.
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1">
MIIH......
</wsse:BinarySecurityToken>
Since WCF does not support X509PKIPathv1 value type, I am generating the SOAP message by hand, signing it using the SignedXml class, encrypting it using the EncryptedXml and sending it using the WebClient class. As for the value of BinarySecurityToken element, I used the value generated in SoapUI for the same certificate, and it works.
But, I would like to be able to generate this value programmatically from .p12 file, and not having to paste it from SoapUI again every time when the certificate expires.
The WS-Security documentation is a bit vague, so I am not sure how to go about it. This is all the information it gives about this token type:
#X509PKIPathv1: An ordered list of X.509 certificates packaged in a PKIPath
How to generate this value from .p12 file in C#? SoapUI does it somehow.
So this may not be a fully solution to your problem but it may help you out somewhat.
This:
#X509PKIPathv1: An ordered list of X.509 certificates packaged in a PKIPath
means is a asn1 sequence or chain of certificates that you have used to sign your message. You can even see it here.
To give some context asn1 is way of representing data in way independent of the machine you are using. This data is binary and not human readable so you transform it to bade 64 and that is what you see in that field.
I am not entirely sure what the exact content of your .p12 file is but at the very least I assume it has the certificate of the private key you used to sign your message and maybe the chain until the publicly trusted certificate or CA.
I am mostly a C++ developer and I know openssl provides a C like api to read a certificate manipulate the underlying asn1 structure and the output it as a string.
Sorry for not providing with a greater level of detail or a code example
I'm sending a JSON result back to a javascript (Jquery) on my IIS/MVC4 website.
The json contains a string value of around 60-100 letters.
Currently it is being sent in clear text with no encyption at all.
What would be the simplest method to encrypt just this message between the javascript client and the .net C# backend?
The encryption dosent have to be superb, but just enough that you cant figure/bruteforce out the contents in under 1 hour.
Keep in mind that everyone has the javascript so I cant just use a common key for all clients.
I was thinking something along the line of an RSA encryption where the client generates a keypair and sends its public key back with the request and the server uses this to encrypt the value.. I cant find any examples of this though so I'm very open to suggestions.
Run the entire webpage over SSL (HTTPS). The server and browser will take care of encryption for you.
I am trying to implement HTTP communication authenticated by client certificate. When sending an HTTP request on "normal" (i.e. not Compact) .NET Framework, it's quite simple:
HttpWebRequest request = ...;
string certificatePath = ...;
string certificatePassword = ...;
request.ClientCertificates.Add(
new X509Certificate(certificatePath, certificatePassword));
However, on Compact Framework 3.5, X509Certificate has only one constructor which accepts byte array and nothing else. I suppose that I should read a certificate file and pass its contents into that byte array, but what about the password? How should I specify it on Compact Framework?
I did not find any way to use X509Certificate and password.
In the end, I've decided to use X509Store and grab certificates from there. This will make deployment a bit more difficult then originally anticipated, but at least it's doable :)
I'm two years late, but I stumbled across this question in my own research.
If you look closely at the documentation's example code, you see that you have to first open the PFX file and then export it before creating another instance of the X509Certificate class.
The way I understood this is as follows: the full .NET Framework API (i.e., on the desktop) takes a password parameter for the class' constructor as an overload. So, using the full framework, you export the certificate's raw data (i.e., without the securing password) using the Export method and then store the resulting byte array into a file. Afterward, you transfer that file to the mobile device, read the file into a byte array and pass that to the X509Certificate constructor on the Compact Framework.
Of course, this is the "raw" way of going about the problem. One has to then take care to secure the data being transferred in some way.
On further reading, exporting the PFX file in this way does not include the private key, though.
I am creating a clone of the facebook Rest API in c#, I am testing it with the facebook PHP sdk. The problem I am having is that the responses sent by my net Rest Service contain utf-8 Bom in front of it and Facebook SDK is not able to parse the responses correctly.
Any ideas on how to resolve this problem.
If you can specify a specific Encoding to your service, then you can use new UTF8Encoding(false) which is UTF-8 without BOM.
I don't know what you are returning in your service, but if it is a string like mine (I was returning a json), you can simply return a Message object instead with the string in it (from System.ServiceModel.Channels - google it) and then at the end of your service method implementation just do this:
Encoding utf8 = new System.Text.UTF8Encoding(false); //false == no BOM
return WebOperationContext.Current.CreateTextResponse(stringWithContent, "application/json;charset=utf-8", utf8);
The Wikipedia UTF-8 article suggests that the pretend-BOM that Windows applications frequently prepend to the actual content is three bytes long. Can you simply not send the first three bytes of your generated content?