Discuss this help topic in SecureBlackbox Forum

Access system certificate stores with TElWinCertStorage

You can access certificates stored in Windows system certificate stores with TElWinCertStorage component. This article explains how to configure the component to locate the correct store and load the appropriate certificates.

  1. Create the TElWinCertStorage object:
    
    TElWinCertStorage storage = new TElWinCertStorage();
    
  2. The list of certificates in the storage is refreshed automatically whenever its SystemStores property is altered:
    
    storage.SystemStores.Add("MY"); // adds all certificates from the Personal ('MY') store to the list
    
    To add several stores without refreshing the storage's contents after each one, wrap the additions in the BeginUpdate() and EndUpdate() methods of the storage.SystemStores list:
    
    storage.SystemStores.BeginUpdate();
    try
    {
      storage.SystemStores.Add("ROOT");
      storage.SystemStores.Add("CA");
    }
    finally
    {
      storage.SystemStores.EndUpdate(); // the contents of the storage will only be refreshed upon exiting the EndUpdate() method.
    }
    
  3. You might wish to tune up the storage component before loading any certificates. Please do that before you change the contents of the SystemStores property. The following settings are available:
    • AccessType is the most important setting of the Windows storage component, and is highly likely to be the only property you would ever need to tune up. It specifies which copy of the system store you need to access. Each system store (e.g. Personal) comes in several copies: one per user account, plus one system-wide, plus several additional ones. By default, AccessType is set to atCurrentUser, which makes the storage component access the 'current user' copy of every store. By changing this property to atLocalMachine you will have the storage load certificates from the system-wide copy of each store (e.g. the system-wide Personal store).
    • ReadOnly makes the component open the system store(s) in read-only mode. Unless you need to modify the contents of the storage, it makes sense to switch this property on. This will make your application more robust and tolerant of strict access policies.
    • Provider controls which OS cryptographic provider should be used to access the store. In most cases you do not need to modify this property. However, tuning it up might be helpful in certain exotic environments where custom or specifically configured CryptoAPI providers are used.
    Example:
    
    TElWinCertStorage storage = new TElWinCertStorage();
    storage.AccessType = TSBStorageAccessType.atLocalMachine;
    storage.SystemStores.Add("ROOT");
    
