find certificate on smartcard currently on reader

by

I am afraid it is not possible to detect if the card containing specific X509Certificate2 object is present in the reader by using standard .NET APIs. The best thing (very hackish) I could come up with is this:

public static X509Certificate2 GetDefaultCertificateStoredOnTheCard() 
{ 
    // Acquire public key stored in the default container of the currently inserted card
    CspParameters cspParameters = new CspParameters(1, "Microsoft Base Smart Card Crypto Provider"); 
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParameters); 
    string pubKeyXml = rsaProvider.ToXmlString(false); 

    // Find the certficate in the CurrentUser\My store that matches the public key
    X509Store x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser); 
    x509Store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); 
    foreach (X509Certificate2 cert in x509Store.Certificates) 
    { 
        if ((cert.PublicKey.Key.ToXmlString(false) == pubKeyXml) && cert.HasPrivateKey)
            return cert; 
    } 

    return null; 
}

However this method is reliable only when the following conditions are met:

  1. You card is accessible via minidriver and Microsoft Base Smart Card Crypto Provider.
  2. There is only one reader connected to your computer with the smartcard present.
  3. There is only one certificate present on the card currently inserted in the reader.

When there are multiple readers with smartcards connected or multiple certificates present on the card you cannot be sure which one will be returned by this method.

Please note there are also other APIs available that can access the smartcard. One example of such API is PKCS#11. It may be an overkill for simple operations but it can give you total control over your card and the objects stored on it. If you are interested and your smartcard comes with the PKCS#11 library you can take a look at my project Pkcs11Interop that brings full power of PKCS#11 API to the .NET environment.

Hope this helps 🙂

Edited to remove the “single certificate” restriction:

I have slightly modified the code. It now uses unmanaged Crypto API to enumerate the names of all containers managed by Microsoft Base Smart Card Crypto Provider and then searches for the corresponding X509Certificate2 objects in the CurrentUser\My store. Please note that this approach is also very hackish and provided code may not work reliably with all the cards/minidrivers available on the market. It is usually better and easier to let the user pick correct certificate from the built-in certificate selection dialog.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace CSP
{
    public static class BaseSmartCardCryptoProvider
    {
        private const string _providerName = "Microsoft Base Smart Card Crypto Provider";

        private static class NativeMethods
        {
            public const uint PROV_RSA_FULL = 0x00000001;
            public const uint CRYPT_VERIFYCONTEXT = 0xF0000000;
            public const uint CRYPT_FIRST = 0x00000001;
            public const uint CRYPT_NEXT = 0x00000002;
            public const uint ERROR_NO_MORE_ITEMS = 0x00000103;
            public const uint PP_ENUMCONTAINERS = 0x00000002;

            [DllImport("advapi32.dll", BestFitMapping = false, ThrowOnUnmappableChar = true, SetLastError = true)]
            public static extern bool CryptAcquireContext(
            ref IntPtr phProv,
            [MarshalAs(UnmanagedType.LPStr)] string pszContainer,
            [MarshalAs(UnmanagedType.LPStr)] string pszProvider,
            uint dwProvType,
            uint dwFlags);

            [DllImport("advapi32.dll", BestFitMapping = false, ThrowOnUnmappableChar = true, SetLastError = true)]
            public static extern bool CryptGetProvParam(
            IntPtr hProv,
            uint dwParam,
            [MarshalAs(UnmanagedType.LPStr)] StringBuilder pbData,
            ref uint pdwDataLen,
            uint dwFlags);

            [DllImport("advapi32.dll", SetLastError = true)]
            public static extern bool CryptReleaseContext(
            IntPtr hProv,
            uint dwFlags);
        }

        public static List<X509Certificate2> GetCertificates()
        {
            List<X509Certificate2> certs = new List<X509Certificate2>();

            X509Store x509Store = null;

            try
            {
                x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                x509Store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                List<string> containers = GetKeyContainers();

                foreach (string container in containers)
                {
                    CspParameters cspParameters = new CspParameters((int)NativeMethods.PROV_RSA_FULL, _providerName, container);
                    cspParameters.Flags = CspProviderFlags.UseExistingKey;
                    string pubKeyXml = null;
                    using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParameters))
                        pubKeyXml = rsaProvider.ToXmlString(false);

                    foreach (X509Certificate2 cert in x509Store.Certificates)
                    {
                        if ((cert.PublicKey.Key.ToXmlString(false) == pubKeyXml) && cert.HasPrivateKey)
                            certs.Add(cert);
                    }
                }
            }
            finally
            {
                if (x509Store != null)
                {
                    x509Store.Close();
                    x509Store = null;
                }
            }

            return certs;
        }

        private static List<string> GetKeyContainers()
        {
            List<string> containers = new List<string>();

            IntPtr hProv = IntPtr.Zero;

            try
            {
                if (!NativeMethods.CryptAcquireContext(ref hProv, null, _providerName, NativeMethods.PROV_RSA_FULL, NativeMethods.CRYPT_VERIFYCONTEXT))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                uint pcbData = 0;
                uint dwFlags = NativeMethods.CRYPT_FIRST;
                if (!NativeMethods.CryptGetProvParam(hProv, NativeMethods.PP_ENUMCONTAINERS, null, ref pcbData, dwFlags))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                StringBuilder sb = new StringBuilder((int)pcbData + 1);
                while (NativeMethods.CryptGetProvParam(hProv, NativeMethods.PP_ENUMCONTAINERS, sb, ref pcbData, dwFlags))
                {
                    containers.Add(sb.ToString());
                    dwFlags = NativeMethods.CRYPT_NEXT;
                }

                int err = Marshal.GetLastWin32Error();
                if (err != NativeMethods.ERROR_NO_MORE_ITEMS)
                    throw new Win32Exception(err);

                if (hProv != IntPtr.Zero)
                {
                    if (!NativeMethods.CryptReleaseContext(hProv, 0))
                        throw new Win32Exception(Marshal.GetLastWin32Error());
                    hProv = IntPtr.Zero;
                }
            }
            catch
            {
                if (hProv != IntPtr.Zero)
                {
                    if (!NativeMethods.CryptReleaseContext(hProv, 0))
                        throw new Win32Exception(Marshal.GetLastWin32Error());
                    hProv = IntPtr.Zero;
                }

                throw;
            }

            return containers;
        }
    }
}

Just call GetCertificates() method of the provided class to check out whether this code works with your card:

List<X509Certificate2> certs = CSP.BaseSmartCardCryptoProvider.GetCertificates();

More Related Contents:

  1. Encrypt and decrypt a string in C#? [closed]
  2. Call asynchronous method in constructor?
  3. Padding is invalid and cannot be removed?
  4. Unexpected character encountered while parsing value
  5. How can I sign a file using RSA and SHA256 with .NET?
  6. Which cryptographic hash function should I choose?
  7. “There was an error running the selected code generator” in VS 2013 scaffolding
  8. Get List of Zero Reference Codes in Visual Studio
  9. Enable Entity Framework 6 for MySql (C#) in WinForms of Microsoft Visual Studio 2013
  10. How can I generate a cryptographically secure pseudorandom number in C#?
  11. How to store/retrieve RSA public/private key
  12. Changing project port number in Visual Studio 2013
  13. Trying to debug Windows Store App from dump files
  14. Breakpoint Failed to Bind – Visual Studio 2015
  15. Encrypting/Decrypting large files (.NET)
  16. Decrypt from SHA256
  17. Visual Studio 2013 doesn’t discover unit tests
  18. Password encryption/decryption code in .NET
  19. C# SHA-1 vs. PHP SHA-1…Different Results?
  20. Comboboxes are linked for some reason
  21. How to Generate Unique Public and Private Key via RSA
  22. Why do I need to use the Rfc2898DeriveBytes class (in .NET) instead of directly using the password as a key or IV?
  23. How do you login/authenticate a user with Asp.Net MVC5 RTM bits using AspNet.Identity?
  24. unable to evaluate expression whilst debugging
  25. Compute a hash from a stream of unknown length in C#
  26. Could not load file or assembly ‘System.Web.Http 4.0.0 after update from 2012 to 2013
  27. Compare password hashes between C# and ColdFusion (CFMX_COMPAT)
  28. CryptographicException “Key not valid for use in specified state.” while trying to export RSAParameters of a X509 private key
  29. How to implement Triple DES in C# (complete example)
  30. Should these arguments be added or removed?

Leave a Comment