Dialecticus Dialecticus - 1 month ago 13
C# Question

Parse "Certificate Policies" extension

I have a certificate (

X509Certificate2
) in my app, and I can enumerate all certificate's extensions. One of those extensions is Certificate Policies, with OID 2.5.29.32. This extension is supposed to be just a sequence of OID's, and I need to search for specific OID's there. The problem is that this extension is coded as DER octet string. How can I get to the OID inside that I'm interested in? Do I have to manually parse a DER octet string? How can I do that?

EDIT: I'm going to see what Bouncy Castle has to offer, but I'm wondering if there is a ready solution in .NET framework. Framework parses certificates and other DER structures, so there might be DER decoder built in.

BOUNTY: I have found a solution for me, but I'm looking for improvements. Bounty goes to other solution if it satisfies one or more of the following, sorted by relevance:


  1. it uses standard .NET library functions

  2. it uses mature or proven source code or library, smaller than Bouncy Castle (I need only parsing, not the all the rest)

  3. it merely improves on the code I already have, in a matter that I find worthy



BUMP: Bounty expires today. If no one else provides an answer it'll go to GalacticJello.

Answer

I had this problem a year ago. I found a small library that helped me a lot (site). This library transforms the file key in xml (using a .exe) and then we could read it on C#.

I didn't liked to transform my key in XML. I asked for the library's developer to use the opensource code in my project, fortunately he accepted. So I built a fork that do exactly what I needed.

After a long time, I have found another implementation in Mono project, avaiable here.

A helper class that uses CryptoLib here and an example [here][5]

Comments