Support Certificates In Your Applications With The .NET Framework 2.0

Certificates are used in many places across the Microsoft .NET Framework, from secure communication to code signing to security policies. The .NET Framework 2.0 introduced revamped support for certificates and it added a completely new namespace for standards-compliant cryptographic operations with certificates. In this article, I will discuss the background for certificates and the Windows Certificate Store. I'll also show you how to work with the certificate APIs and how they are used by the Framework to implement security features.

A "certificate" is really an ASN.1 (Abstract Syntax Notation One) encoded file that contains a public key and additional information about that key and its owner. In addition, a certificate has a validity period and is signed with another key (the so-called issuer) which is used to provide an authenticity guarantee of those attributes and, most importantly, the public key itself. You can think of ASN.1 as a sort of binary XML. Like XML, it also has encoding rules, strong types, and tags; however, these are binary values that often don't correspond to any printable character.

For such a file to be interchangeable between systems, a standard format is needed. This is X.509 (currently version 3), which is described in RFC 3280 (tools.ietf.org/html/rfc3280). X.509 doesn't dictate the type of key embedded in the certificate, but the RSA algorithm is currently the most popular asymmetric cryptographic algorithm in use.

I'll start with a little history. The name RSA is an acronym for the surnames of three inventors of this algorithm: Ron Rivest, Adi Shamir, and Len Adleman. They formed a company, RSA Security, which published several standard documents called Public Key Cryptography Standards (PKCS). These documents describe several aspects of cryptography.

One of the most popular of these documents, PKCS #7, defines a binary format for signed and encrypted data called the Cryptographic Message Syntax (CMS). CMS is now used in many popular security protocols, including secure sockets layer (SSL) and Secure Multipurpose Internet Mail Extensions (S/MIME). Since it is a standard, it is also the format of choice for when applications need to exchange signed and encrypted data between several parties.