Retired Microsoft Blog disclaimer
This directory is a mirror of retired "Decrypt My World" MSDN blog and is provided as is. All posting authorship and copyrights belong to respective authors.

Posts on this page:

Original URL: https://blogs.msdn.microsoft.com/alejacma/2012/07/18/good-bye-escalation-engineer-hello-developer-evangelist/
Post name: Good bye Escalation Engineer, Hello Developer Evangelist
Original author: Alejandro Campos Magencio
Posting date: 2012-07-18T00:16:33+00:00


Hello all,

I recently changed to another department within Microsoft. I am not an Escalation Engineer working with Windows SDK in general and Crypto in particular anymore. No.Now I am a Developer Evangelist fully dedicated to Windows 8 and Windows Phone development in Spain.

So what does this mean to this blog? Well, I don't think I will be able to post any more content on CryptoAPI or related from now on. I ambasically discontinuing this blog until further notice. If I have time to post something now,it will be related to development of Metro style applications on Windows 8 and Windows Phone 7.5/8, and preferably in Spanish for our Spanish audience. For the moment, consider this to be my last post on this blog.

What will happen with all the posts I've written so far? Nothing, I won't delete them or anything. I will leave the blog as is for your reference.

And what if you need help? I will still try to answer your questions, but my suggestion if you need urgent help is that you create a Technical Support case so my colleagues can assist you appropriately.

It's been a great pleasure writing this blog, and I THANK YOU all for your questions,comments, suggestions and thank-you's during the live of this blog.

Cheers!

Alex (Alejandro Campos Magencio)

Original URL: https://blogs.msdn.microsoft.com/alejacma/2012/05/25/net-and-the-xades-standard/
Post name: .NET and the XAdES standard
Original author: Alejandro Campos Magencio
Posting date: 2012-05-25T01:57:45+00:00


Hi all,

You may know already that SignedXml class in .NET doesn't support the XML Advanced Electronic Signatures (XAdES) standard (more infohere: Which standards does SignedXml support?)

Fortunatelly my colleagues in Microsoft France developed aXAdES libraryfor .NET(Microsoft.Xades.dll) that they published on this French site: Kit de démarrage « Signature avancée (XAdES) pour Microsoft .NET Framework v3.5 (et ultérieur)

Disclaimer: I don't speak French, so I don't understand the license for this library and cannot tell if any restrictions come with it.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

Original URL: https://blogs.msdn.microsoft.com/alejacma/2012/04/27/how-to-remove-a-certificate-from-a-certificate-store-programmatically-powershell/
Post name: How to remove a certificate from a certificate store programmatically (PowerShell)
Original author: Alejandro Campos Magencio
Posting date: 2012-04-27T05:37:23+00:00


Hi all,

The following sample will remove a certificate from MY certificate store of the local machine after locating it by serial number:

# Pass Serial Number of the cert you want to remove
param ($serialNumber = $(throw "Please pass a certificate's serial number to the script"))

# Access MY store of Local Machine profile 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
$store.Open("ReadWrite")

# Find the cert we want to delete
$cert = $store.Certificates.Find("FindBySerialNumber",$serialNumber,$FALSE)[0]

if ($cert -ne $null)
{
# Found the cert. Delete it (need admin permissions to do this)
$store.Remove($cert)

Write-Host "Certificate with Serial Number" $serialNumber "has been deleted"
}
else
{
# Didn't find the cert. Exit
Write-Host "Certificate with Serial Number" $serialNumber "could not be found"
}

# We are done
$store.Close()

Note: this sample attacks the local machine profile, so by default you will need admin permissions to remove certs from its MY store.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

Original URL: https://blogs.msdn.microsoft.com/alejacma/2012/04/27/how-to-get-all-certificates-in-the-server-certificates-section-of-iis-manager-programmatically-powershell/
Post name: How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)
Original author: Alejandro Campos Magencio
Posting date: 2012-04-27T05:28:00+00:00


Hi all,

The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs:

# Get all certs in MY store of Local Machine profile
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
 $store.Open("ReadOnly")
 $store.Certificates | 
 % { 
 # Get all extensions for one cert
 $cert = $_
 $cert.Extensions | 
 % { 
 # Find "Enhanced Key Usage" extension
 $extension = $_
 If ($extension.Oid.FriendlyName -eq "Enhanced Key Usage")
 {
 # Get all enhanced key usages for the cert
 $enhancedKeyUsageExtension = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$extension
 $enhancedKeyUsageExtension.EnhancedKeyUsages | 
 % { 
 # Find "Server Authentication" enhanced key usage
 $enhancedKeyUsage = $_
 If ($enhancedKeyUsage.FriendlyName -eq "Server Authentication") 
 {
 # We found a cert that will get listed in Server Certificates list in IIS Manager. Show its info 
 $cert | Select Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber
 } 
 }
 } 
 }
 }
 $store.Close()

 

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)

Original URL: https://blogs.msdn.microsoft.com/alejacma/2012/04/27/how-to-install-the-response-from-a-ca-programmatically-powershell/
Post name: How to install the response from a CA programmatically (PowerShell)
Original author: Alejandro Campos Magencio
Posting date: 2012-04-27T05:19:36+00:00


Hi all,

The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the same way you do it manually with "Complete Certificate Request…" action in the Server Certificates section.

The following Powershell sample does that:

$strBase64Response = get-content "C:\Test\Base64.cer"
 $objEnroll = New-Object -ComObject X509Enrollment.CX509enrollment
 $objEnroll.Initialize(0x2);
 $objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)

 

Note: the 0x2 value in Initialize call means ContextMachine, and the 0x4 value in InstallResponse call means AllowUntrustedRoot.

Note: you need to run this with an administrator, as the cert will go to the MY certificate store of the local machine, and only admin users have access to write in there by default.

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)