Discussion:
cross-platform way of storing X509 certificates & private keys?
Jeff Stedfast
2013-11-04 22:53:17 UTC
One of the last remaining pieces for me to complete the S/MIME library I'm
working on is having a cross-platform way of storing X509 certificates and
private keys.

I was wondering if anyone had a solution they've already come up with that
they could share or perhaps give some thoughts.

I had started working on a way to re-use the
System.Security.Cryptography.X509Certificates.X509Store for Windows and
something that used the native Mac OS X keychain APIs on Mac, but on Linux
and Android, there aren't any system-wide certificate stores.

What have other people done?

Jeff
Jaroslav Imrich
2013-11-04 23:46:33 UTC
Hello Jeff,

I believe you should use the "more abstract" and platform-independent
Org.BouncyCastle.X509.Store.IX509Store interface and let the user (the developer
who uses BC) provide an implementation suitable for his platform/scenario.
--
Kind Regards

Jaroslav Imrich
http://www.jimrich.sk
Mankowski, Chris
2013-11-05 15:05:01 UTC
I think there would also be benefit to sharing implementations of that interface that he's already created.

I would be interested in code that saves certificates into DPAPI/CryptoAPI and is also managed. I haven't seen an implementation like this.

Jeff Stedfast
2013-11-05 16:05:03 UTC
I'm fully prepared to allow developers using my MimeKit library to provide
their own certificate store implementations, but having a default
implementation (even if suboptimal) that they can use would be really
helpful for allowing people to get up and running to get a feel for how
things are supposed to work. When picking up a new library, this is really
helpful.

Perhaps the simplest solution, instead of pulling in a System.Data backend,
would be to use a pkcs12 file - it's something that BC already supports
loading and saving to and it's encrypted as well.

Jeff
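
The PKCS#12 idea from the message above, sketched as an added example (not code from this thread, MimeKit or Bouncy Castle): a single password-protected file used as a default store through Bouncy Castle's `Pkcs12Store`. The class name `Pkcs12FileStore`, the `.tmp` suffix and the one-certificate chain are assumptions made for illustration.

```csharp
using System.IO;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Hypothetical helper: one PKCS#12 file acts as the certificate and key store.
public sealed class Pkcs12FileStore
{
    readonly string path;
    readonly char[] password;
    readonly Pkcs12Store store = new Pkcs12StoreBuilder().Build();

    public Pkcs12FileStore(string path, char[] password)
    {
        this.path = path;
        this.password = password;
        if (!File.Exists(path))
            return; // first use: start with an empty in-memory store
        using (var input = File.OpenRead(path))
            store.Load(input, password); // throws if the password is wrong or the file is corrupt
    }

    // Add a certificate together with its private key under one alias, then persist.
    public void Import(string alias, X509Certificate certificate, AsymmetricKeyParameter privateKey)
    {
        var chain = new[] { new X509CertificateEntry(certificate) };
        store.SetKeyEntry(alias, new AsymmetricKeyEntry(privateKey), chain);
        Save();
    }

    // Returns null when the alias is unknown or holds only a certificate.
    public AsymmetricKeyParameter GetPrivateKey(string alias) =>
        store.IsKeyEntry(alias) ? store.GetKey(alias).Key : null;

    // Returns null when the alias is unknown.
    public X509Certificate GetCertificate(string alias) =>
        store.GetCertificate(alias)?.Certificate;

    // Write to a temporary file first so a crash cannot truncate the existing store.
    void Save()
    {
        var temp = path + ".tmp";
        using (var output = File.Create(temp))
            store.Save(output, password, new SecureRandom());
        if (File.Exists(path)) File.Replace(temp, path, null);
        else File.Move(temp, path);
    }
}
```

The private keys in the file are only as well protected as the password and the PBE algorithms the store was built with, so the file's permissions should be restricted to the owning user as well.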