asked on

VB.NET How to loop through x509 certificates and determine if they are exportable

Hi, I'm a pretty obvious newcomer to .net / VB. We have lots of administrative scripts that use CAPICOM to manage our EFS certificates on our corporate workstations. With Windows 7 CAPICOM is no longer supported so we need to find something else. We are trying to convert code that opens a users certificate store (CURRENT USER STORE), loops through the certificates in the collection, and gets determines if the certificate is exportable or not. To determine whether the certificate is exportable or not the CspKeyContainerInfo.Exportable Property must be accessed but I'm having trouble making the connection on how to access it as I loop through the certificates in the collection. here is the code I have so far below. Its just a form with a button, it loops through the current users certificates, showing the thumbprint for each. I would also like to know if the certificate is exportable as well. Thanks!

Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Text
Imports System.IO
Public Class Form1
 
 
 
 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
 
 
        'Instantiate the Store / The store name is My, location is current user store
        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        'Open the stor
        store.Open(OpenFlags.ReadWrite)
        'Use the X509CertificateCollection class to get the certificates from the my store into a collection
        Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
        'Declare x509 as the certificate object
 
        Dim x509 As New X509Certificate2
 
 
        'Loop through the certificates in the store, one by one
        '------------
        
 
        For Each x509 In collection
            
 
            'Show the thumbprint for each certificate in the users store
            MsgBox(x509.Thumbprint)
 
 
        Next x509
 
        store.Close()
 
 
 
 
    End Sub
End Class

Open in new window

lkalvin

I'm not a huge fan of using reserved words as variables... but hey, C# folks do it all the time, right?
But check it:
Instead of "Dim x509 as New blahblahblah"
-try this_

Delete the line that says, "Dim x509 As New X509Certificate2
and for your loop, do this:

For Each x509 as x509Certificate2 In collection
Msgbox(x509.ThumbPrint.ToString)
Next

-OR-
LEAVE the line I said to delete... but DELETE the word, "New"... and seriously - consider changing your collection to a variable name other than... collection! How bout, "509Collection" ? lol just a thought!

Good luck :)

-LK

JSunn

ASKER

lkalvin,
I appreciate the tip, however I am trying to find a way to determine if the certificate is exportable as I loop through the collection. Any idea on that?

lkalvin

Sorry JS - I'm not familiar at all with that object. My comments were intended to give you some pointers on handling your collection-loop.

If there is a property you can examine, you'd do it like this:

For Each x509 as x509Certificate2 In collection
If x509.IsExportable Then
' Do your export code here...
End If
Msgbox(x509.ThumbPrint.ToString)
Next

Or perhaps...
For Each x509 as x509Certificate2 In collection
If x509.SomeProperty = (whatever the value is that makes this exportable) Then
' Do your export code here...
End If
Next

Again - without knowing how you would determine if the object is exportable, I cannot be more specific.
I hope this helps!

-LK

JSunn

ASKER

There doesn't seem to be anyone with an answer to my question so I'm fine with deleting it. Thanks!

ASKER CERTIFIED SOLUTION

ee_auto

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial