0

I want to address an API via C# that requires mTLS authentication.

The difficulty here is that the private key of the certificate is stored on a smartcard. This means that I only have the public X509 certificate in .NET, and I can create RSA SHA-256 signatures on the smartcard, with which the mTLS connection needs to be established.

Is there any possibility in .NET to override the function for the TLS client signature in the HTTP request lib?

Thank you!

2
  • Please clarify why you'd need that. Usually the private key is still associated with the certificate when it is used in the Microsoft way of handling keys / certs, even if the cert can be stored in the memory and the private key remains on the smart card. Or do you need to somehow change the algorithm used for signing? Downloading the cert and just creating a certificate from that is not the way forward, you need to use CMS functionality to represent cert / key / algorithm. Commented Feb 17 at 3:41
  • 1
    Thank you, Maarten, for the quick feedback. There are no drivers for the smartcard that Windows supports directly. I can create RSA PSS signatures manually with C# and Java using APDU commands. This also works, and in Java I can establish the mTLS connection with my own SignatureSpi class by implementing the engineSign method myself. In C# I can already read the certificate from the smartcard and would now like to pass a method to the HttpClient in which I implement the signature function for client authentication myself. Thank you!
    – Max1829
    Commented Feb 17 at 20:39
