Thursday, March 17, 2005

X509Certificate2 or as you should know it: X509CertificateTheOneIShouldUse

Straight from Shawn Farkas:

My reason for posting this is not so much that you should care that the class has been renamed, as much as you should care that this is the class you should use for X509 Certificates going forward. If you have ever done any CryptoAPI work in v1.1, you will be glad to know that they have finally put the important bits that were missing from X509Certificate into X509Certificate2. I don't know the full details of why they did not just update the original class instead of tacking on the kinda ugly "2", but I would have to guess it was to avoid way too many breaking changes.

I had to develop a digital signing framework that used X509 Certificates. It was immediately clear that the v1.1 classes were not going to cut it. Since it was all .NET, CAPICOM was out as well. After long hours of reading the MSDN CryptoAPI documentation, it became clear that I would need to write a lot of p/invoke code to get things like the public and private keys from the certificate, as well as to interact with a vendor CSP. In a way, I am glad that X509Certificate2 was not available, since I would never otherwise have had a chance to really dig in and learn the underlying CryptoAPI. However, from a typical developer's standpoint, this new class should save you at least a couple of weeks of trying to figure out exactly how to interact with a CSP and get at the private and public keys.
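As an added example (not code from this post or from Shawn Farkas), here is the signing round-trip the post describes, written against X509Certificate2 instead of p/invoke: find the certificate in the store, confirm it actually carries a private key, sign with it, and verify with the public key. It assumes the GetRSAPrivateKey/GetRSAPublicKey helpers that later framework versions added (.NET Framework 4.6 or newer, or .NET Core); on .NET 2.0 the same keys come from the PrivateKey and PublicKey.Key properties. The thumbprint is a placeholder.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertSigner
{
    // Look up a certificate in the current user's Personal store by thumbprint.
    // validOnly: true filters out expired or untrusted certificates at lookup time.
    static X509Certificate2 FindByThumbprint(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: true);
            if (matches.Count == 0)
                throw new InvalidOperationException("No valid certificate with that thumbprint.");
            return matches[0];
        }
        finally { store.Close(); }
    }

    static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        // HasPrivateKey is one of the "important bits" the v1.1 class lacked.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no associated private key.");
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) throw new InvalidOperationException("Private key is not RSA.");
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static bool Verify(X509Certificate2 cert, byte[] data, byte[] signature)
    {
        using (RSA rsa = cert.GetRSAPublicKey())
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // PLACEHOLDER: replace with the hex thumbprint of your own signing certificate.
        X509Certificate2 cert = FindByThumbprint("0000000000000000000000000000000000000000");
        byte[] payload = Encoding.UTF8.GetBytes("constructed sample document");  // constructed input
        byte[] sig = Sign(cert, payload);
        Console.WriteLine("Signature verifies: " + Verify(cert, payload, sig));
        payload[0] ^= 0x01;  // flip one bit to confirm verification really fails on tampering
        Console.WriteLine("After tampering:    " + Verify(cert, payload, sig));
    }
}
```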