Copy certificate of any origin to TElMemoryCertStorage
TElMemoryCertStorage can serve as a universal container for certificates of any physical origin. When you add a certificate to the memory storage, the storage keeps complete information about the certificate's origin. This information is retrieved later, when the certificate is needed for a cryptographic operation. That is, a certificate object originating from TElPKCS11CertStorage remembers its roots even after being added to TElMemoryCertStorage. Such a certificate can still be used for signing, including the internal PKCS#11 operations required to actually perform the signing.
The following code preserves a reference to the original Windows certificate:
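// Open the current user's personal ("MY") Windows certificate store.
TElWinCertStorage winStorage = new TElWinCertStorage();
winStorage.SystemStores.Add("MY");
TElMemoryCertStorage memStorage = new TElMemoryCertStorage();
// Copy the first certificate (the store must contain at least one);
// 'true' also copies the private key, if the certificate has one.
memStorage.Add(winStorage.get_Certificates(0), true);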
The second parameter (CopyPrivateKey) tells the component whether the certificate's private key should also be copied, if one is present.
When CopyPrivateKey is false, only the public part of the certificate is copied to the storage.
It will not be possible to use such a certificate for private key operations (e.g., signing).
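The effect of CopyPrivateKey can be checked by copying the whole "MY" store twice and counting which copies still report a private key. This is an added example, not code from the SecureBlackbox documentation; the class and method names are hypothetical, the namespaces are assumed from the classic SecureBlackbox .NET layout, and the library is assumed to be licensed and initialized already.

```csharp
using System;
using SBCustomCertStorage;   // TElMemoryCertStorage (assumed namespace)
using SBWinCertStorage;      // TElWinCertStorage (assumed namespace)

static class CertCopyExample   // hypothetical name, for illustration only
{
    // Copies every certificate from the Windows "MY" store into a memory storage.
    // With copyPrivateKey = false the result holds public parts only, which is
    // all that code doing chain building or signature validation needs.
    static TElMemoryCertStorage CopyFromMy(bool copyPrivateKey)
    {
        TElWinCertStorage winStorage = new TElWinCertStorage();
        winStorage.SystemStores.Add("MY");
        TElMemoryCertStorage memStorage = new TElMemoryCertStorage();
        // Looping over Count also covers an empty store, where
        // get_Certificates(0) would have nothing to return.
        for (int i = 0; i < winStorage.Count; i++)
            memStorage.Add(winStorage.get_Certificates(i), copyPrivateKey);
        return memStorage;
    }

    // Counts the certificates in a storage that can perform private key operations.
    static int CountSigningCapable(TElMemoryCertStorage storage)
    {
        int count = 0;
        for (int i = 0; i < storage.Count; i++)
            if (storage.get_Certificates(i).PrivateKeyExists)
                count++;
        return count;
    }

    static void Main()
    {
        TElMemoryCertStorage publicOnly = CopyFromMy(false);
        TElMemoryCertStorage withKeys = CopyFromMy(true);
        Console.WriteLine("CopyPrivateKey=false: {0} certificates, {1} usable for signing",
            publicOnly.Count, CountSigningCapable(publicOnly));
        Console.WriteLine("CopyPrivateKey=true:  {0} certificates, {1} usable for signing",
            withKeys.Count, CountSigningCapable(withKeys));
    }
}
```

Passing false wherever a component only validates or encrypts keeps the signing capability out of storages that do not need it.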
Two important points to be considered when adding certificates to TElMemoryCertStorage: