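/// <summary>
/// Duplicates the native certificate context behind an <see cref="X509Certificate"/>.
/// </summary>
/// <param name="certificate">Certificate whose context is duplicated.</param>
/// <returns>
/// A handle to the duplicated context. The handle is disposable and is owned by the caller.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public static SafeCertContextHandle GetCertificateContext(X509Certificate certificate)
{
    // Fail with a named argument instead of a NullReferenceException from the
    // certificate.Handle read below.
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    SafeCertContextHandle certContext = X509Native.DuplicateCertContext(certificate.Handle);

    // certificate.Handle is a raw IntPtr, so the GC does not see it as a reference to the
    // certificate. Keep the X509Certificate object alive until its context has been duplicated;
    // otherwise it could be finalized and the context closed out from underneath us before the
    // duplicate exists.
    GC.KeepAlive(certificate);

    return certContext;
}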
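/// <summary>
/// Opens the CNG private key associated with a certificate.
/// </summary>
/// <remarks>
/// This method asserts full trust before calling <c>CngKey.Open</c>, so a caller that holds the
/// certificate object can reach its private key without itself being granted full trust. Code
/// that hands an <see cref="X509Certificate2"/> to less trusted components should therefore
/// treat the certificate object as carrying access to the private key.
/// </remarks>
/// <param name="certificate">Certificate whose private key is opened.</param>
/// <returns>
/// A <see cref="CngKey"/> for the private key. The key is disposable and is owned by the caller.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public static CngKey GetCngPrivateKey(X509Certificate2 certificate)
{
    // Reject null before any native handle is acquired or any permission is asserted.
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    using (SafeCertContextHandle certContext = GetCertificateContext(certificate))
    using (SafeNCryptKeyHandle privateKeyHandle = X509Native.AcquireCngPrivateKey(certContext))
    {
        // We need to assert for full trust when opening the CNG key because
        // CngKey.Open(SafeNCryptKeyHandle) does a full demand for full trust, and we want to allow
        // access to a certificate's private key by anyone who has access to the certificate itself.
        //
        // The assert is issued only after both handles are acquired and immediately before the
        // one call that needs it, which keeps the code running under the assertion to a minimum.
        // A stack-walk assertion ends when this method returns.
        new PermissionSet(PermissionState.Unrestricted).Assert();

        // NOTE(review): privateKeyHandle is disposed when this block exits, so the returned
        // CngKey must hold its own reference to the key — confirm against CngKey.Open.
        return CngKey.Open(privateKeyHandle, CngKeyHandleOpenOptions.None);
    }
}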