Rebex.Security Summary description for Asn1Encoder. Represents the base class from which all implementations of the ArcFour algorithm must derive. Initializes a new instance of ArcFour. You cannot create an instance of an abstract class. Create an instance of class instead. Generates a random initialization vector (IV) to be used for the algorithm. ArcFour is a stream cipher, it does not use IV. Generates a random key to be used for the algorithm. Use this method to generate a random key when none is specified. Creates a cryptographic object to perform the ArcFour algorithm. A cryptographic object to perform the ArcFour algorithm. Gets or sets the block size of the cryptographic operation in bits. The block size. ArcFour is a stream cipher, blocks can be of any size. Gets or sets the feedback size of the cryptographic operation in bits. The feedback size in bits. This property is not supported by ArcFour class. Gets or sets the initialization vector (IV) for the symmetric algorithm. Initialization vector. ArcFour is a stream cipher, it does not use IV. Gets or sets the mode for operation of the symmetric algorithm. The mode for operation. ArcFour is a stream cipher, the only mode supported is CipherMode.OFB. Gets or sets the padding mode used in the symmetric algorithm. The padding mode. ArcFour is a stream cipher, no padding is done. The managed version of the ArcFour algorithm. Initializes a new instance of ArcFourManaged class. Creates a symmetric ArcFour decryptor object with the specified Key and initialization vector (IV). The secret key to be used for the symmetric algorithm. The IV. Not used by ArcFour. A symmetric ArcFour decryptor object. Creates a symmetric ArcFour encryptor object with the specified Key and initialization vector (IV). The secret key to be used for the symmetric algorithm. The IV. Not used by ArcFour. A symmetric ArcFour encryptor object. Calculate the numbers u1, u2, and u3 such that: u1 * a + u2 * b = u3 where u3 is the greatest common divider of a and b. a and b using the extended Euclid algorithm (refer p. 323 of The Art of Computer Programming vol 2, 2nd ed). This also seems to have the side effect of calculating some form of multiplicative inverse. Montgomery multiplication: a = x * y * R^(-1) mod m (Handbook of Applied Cryptography, Algorithm 14.36) m, x, y should have length n
b = 2^32, R = b^n
 Primality test. Number of iterations. true if the number is probably prime; false if not prime.

Uses Algorithm from FIPS PUB 186.

It will produce a false prime with probability no greater than 1/4^n

 Common code for Decryptor's TransformFinalBlock. Would be a mixin if .NET allowed multiple inheritance. Implements Diffie-Hellman key agreement protocol (also called exponential key agreement). This algorithm was developed by Diffie and Hellman in 1976. It allows two users to exchange a secret key over an insecure medium without any prior secrets. Initializes a new instance of DiffieHellman. You cannot create an instance of an abstract class. Create an instance of class instead. Returns the public key. The public key. Calculates the shared secret key from the other side's public key. Other side's public key. The shared secret key. Imports the specified . The Diffie-Hellman parameters. Exports the . true to include private parameter; otherwise, false. The Diffie-Hellman parameters. Managed implementation of Diffie-Hellman algorithm. Initializes a new instance of the DiffieHellmanManaged class. Initializes a new instance of the DiffieHellmanManaged class with a specified key size. The size of the key to use in bits. Creates and returns an XML string representation of the current object. true to include private parameters; otherwise, false. An XML string encoding of the current object. When overridden in a derived class, reconstructs a DiffieHellmanManaged object from an XML string. The XML string to use to reconstruct the DiffieHellmanManaged object. Returns the public key. The public key. Calculates the shared secret key from the other side's public key. Other side's public key. The shared secret key. Imports the specified . The Diffie-Hellman parameters. Exports the . true to include private parameter; otherwise, false. The Diffie-Hellman parameters. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Gets the name of the signature algorithm available with this implementation of DiffieHellman. The name of the signature algorithm. DiffieHellman does not support signatures. This property will throw an exception. Gets the name of the key exchange algorithm available with this implementation of DiffieHellman. The name of the key exchange algorithm. Contains the parameters for Diffie-Hellman algorithm. The prime modulus used for the operation. The generator used for the operation. The private key for the operation. The public key for the operation. Managed implementation of DSA signature algorithm.

The purpose of this class is to make it possible to verify signatures without the need to use CryptoAPI, which is not available in some scenarios.

Even though it is possible to generate DSA keys and sign data using this class, but this process has not been optimized for speed and is very slow.

Initializes a new instance of the DSAManaged class with the key size of 1024. Initializes a new instance of the DSAManaged class with the specified key size. The size of the key to use in bits. Initializes a new instance of the DSAManaged class with the specified key size and seed. The size of the key to use in bits. The initial seed to use for key generation. Creates and returns an XML string representation of the current object. true to include private parameters; otherwise, false. An XML string encoding of the current object. When overridden in a derived class, reconstructs a DSAManaged object from an XML string. The XML string to use to reconstruct the DSAManaged object. Encodes the signature in raw format (40 bytes) using the DER encoding of DssSigValue. Raw signature. DER encoded signature Decodes the DER encoding of DssSigValue to raw format (40 bytes). DER encoded signature. Raw signature Exports the . true to include private parameters; otherwise, false. The DSA parameters. Imports the specified . The DSA parameters. Creates the DSA signature for the specified data. The SHA1 hash of data to be signed. The DSA signature for the specified hash value. DSA signature is a pair of numbers r and s. This method always returns an array of 40 bytes. Bytes 0..19 contain the value of r, bytes 20..39 contain the value of s. Verifies the DSA signature for the specified data. The SHA1 hash of signed data to be verified. The signature to be verified for rgbData. true if the signature verifies as valid; otherwise, false. DSA signature is a pair of numbers r and s. The rgbSignature parameter must be 40 bytes long. Bytes 0..19 must contain the value of r, bytes 20..39 must contain the value of s. Computes the signature for the specified hash value by signing it with the private key. The SHA1 hash of data to be signed. The DSA signature for the specified hash value. Verifies the specified signature data by comparing it to the signature computed for the specified hash value. The hash value of the signed data. The signature data to be verified. true if the signature verifies as valid; otherwise, false. Computes the hash value of the specified byte array using the specified hash algorithm, and signs the resulting hash value. The input data for which to compute the hash. The hash algorithm to use to create the hash value. The DSA signature for the specified data. Verifies the specified signature data by comparing it to the signature computed for the specified data. The signed data. The hash algorithm used to create the hash value of the data. The signature data to be verified. true if the signature verifies as valid; otherwise, false. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Gets the name of the signature algorithm available with this implementation of DSA. The name of the signature algorithm. Gets the name of the key exchange algorithm available with this implementation of DSA. The name of the key exchange algorithm. Computes a Hash-based Message Authentication Code (HMAC) for the input data using the specified hash function. HMAC is defined by RFC 2104 and look like this: alg(K XOR opad + alg(K XOR ipad + text))
where alg is the base hash algorithm,
K is an n byte key,
ipad is the byte 0x36 repeated 64 times,
opad is the byte 0x5c repeated 64 times,
and text is the data being protected.
 Initializes a new instance of the HMAC class with the specified hash algorithm and key data. A type of hash algorithm to use. Must be a subclass of HashAlgorithm. The secret key for HMAC encryption. Initializes a new instance of the HMAC class with the specified hash algorithm and a randomly generated key. A type of hash algorithm to use. Must be a subclass of HashAlgorithm. Initializes an instance of HMAC. Routes data written to the object into the hash algorithm for computing the HMAC. The input data. The offset into the byte array from which to begin using data. The number of bytes in the array to use as data. Returns the computed Hash-based Message Authentication Code (HMAC) after all data has been written to the object. The computed HMAC. Releases the unmanaged resources used by the HMAC and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Gets or sets the key to be used in the hash algorithm. The key to be used in the hash algorithm. Computes the combined MD5/SHA1 hash for the input data. The resulting hash value is 36 bytes long. Bytes 0..15 contain the MD5 hash and bytes 16..35 contain the SHA1 hash. Initializes a new instance of the MD5SHA1 class. Creates an instance of the MD5SHA1 hash algorithm. A new instance of the MD5SHA1 hash algorithm. Initializes an instance of MD5SHA1. Routes data written to the object into MD5 and SHA1 hash algorithms for computing the hash. The array of data bytes. The offset into the byte array from which to begin using data. The number of bytes in the array to use as data. Returns the computed MD5SHA1 hash as an array of bytes after all data has been written to the object. The computed hash value. Releases the unmanaged resources used by the MD5SHA1 and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Returns the underlying instance of the MD5 object that is used to compute the MD5 part of the combined hash. Returns the underlying instance of the SHA1 object that is used to compute the SHA1 part of the combined hash. Represents a cryptographic object identifier. Initializes a new instance of the class using the specified object. The object identifier information to use to create the new object identifier. Initializes a new instance of the class using the specified OID dotted number string. An object identifier in dotted number format. Returns a string in dotted number format that represents the current . A string representation of the current Oid. Gets the dotted number representation of the object identifier. Implements password-based key derivation functionality PBKDF1 specified by RFC 2898, with extension of OpenSSL PBKD to allow longer keys to be generated. Resets the state of the operation. Returns a pseudo-random key from a password, salt and iteration count. A byte array filled with pseudo-random key bytes. The number of pseudo-random key bytes to generate. Gets or sets the number of iterations for the operation. The number of iterations for the operation. Gets or sets the key salt value for the operation. The key salt value for the operation. Implements password-based key derivation functionality PBKDF2 specified by RFC 2898. Resets the state of the operation. Returns a pseudo-random key from a password, salt and iteration count. A byte array filled with pseudo-random key bytes. The number of pseudo-random key bytes to generate. Gets or sets the number of iterations for the operation. The number of iterations for the operation. Gets or sets the key salt value for the operation. The key salt value for the operation. PKCS #12 key derivation algorithm. Resets the state of the operation. Returns a pseudo-random key from a password, salt and iteration count. A byte array filled with pseudo-random key bytes. The number of pseudo-random key bytes to generate. Managed implementation of RSA algorithm.

The purpose of this class is to make it possible to verify signatures and encrypt data without the need to use CryptoAPI, which is not available in some scenarios.

Even though it is possible to generate RSA keys and sign data using this class, it is not recommended because the generated keys are not being checked to ensure they are strong primes.

Initializes a new instance of the RSAManaged class with the key size of 1024. Initializes a new instance of the RSAManaged class with the specified key size. The size of the key to use in bits. Exports the . true to include private parameters; otherwise, false. The RSA parameters. Imports the specified . The RSA parameters. Decrypts data with the RSA algorithm. The data to be decrypted. The decrypted data. No processing of raw data is performed. Encrypts data with the RSA algorithm. The data to be encrypted. The encrypted data. No processing of raw data is performed. Decrypts data with the RSA algorithm. The data to be decrypted. The decrypted data. Uses PKCS#1 v1.5 padding. Encrypts data with the RSA algorithm. The data to be encrypted. The encrypted data. Uses PKCS#1 v1.5 padding. Verifies the specified signature data by comparing it to the signature computed for the specified hash value. The hash value of the signed data. The signature data to be verified. true if the signature verifies as valid; otherwise, false. Verifies the specified signature data by comparing it to the signature computed for the specified hash value. The hash value of the signed data. A hash algorithm used to create the hash value. The signature data to be verified. true if the signature verifies as valid; otherwise, false. Computes the signature for the specified hash value by signing it with the private key. The hash of data to be signed. The RSA signature for the specified hash value. Computes the signature for the specified hash value by signing it with the private key. The hash of data to be signed. A hash algorithm used to create the hash value. The RSA signature for the specified hash value. Verifies the specified signature data by comparing it to the signature computed for the specified data. The data that was signed. The hash algorithm used to create the hash value of the data. The signature data to be verified. true if the signature verifies as valid; otherwise, false. Computes the hash value of the specified byte array using the specified hash algorithm, and signs the resulting hash value. The input data for which to compute the hash. The hash algorithm to use to create the hash value. The RSA signature for the specified data. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Gets the name of the signature algorithm available with this implementation of RSA. The name of the signature algorithm. Gets the name of the key exchange algorithm available with this implementation of RSA. The name of the key exchange algorithm. The AlgorithmIdentifier class defines an algorithm used for a cryptographic operation. Creates an instance of the class with the specified algorithm identifier. An object identifier for the algorithm. Creates an instance of the class with the specified algorithm identifier and parameters. An object identifier for the algorithm. ASN.1 DER encoded parameters. Gets the object identifier for the algorithm. On that represents the algorithm. Gets the algorithm parameters. The alogirithm parameters. A base class for various collections of cryptographic objects. Gets an for the . An for the collection. Copies the range of elements from the to a compatible one-dimensional , starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets the number of items in the . The number of items in collection. Gets a value indicating whether access to the is synchronized. Gets an object that can be used to synchronize access to the . A collection of values associated with a . Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets the value at the specified index. An array of bytes in ASN.1 format. A cryptographic attribute that contains a type and a collection of associated values. Initializes an instance of a . The object identifier that identifies the attribute type. Parameters in ASN.1 format, in a form of one or more byte arrays. Initializes an instance of a . The object identifier that identifies the attribute type. Parameters in ASN.1 format. Not supported in .NET 1.0, use instead. Gets the object identifier that identifies the attribute type. The object identifier. Gets the collection of values associated with the attribute. A . A collection of objects. Adds a to the collection. A cryptographic attribute to add. Removes a from the collection. A cryptographic attribute to remove. Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets or sets the at the specified index. The zero-based index of the to get or set. A cryptographic attribute. Gets the first with the specified object identifier. The object identifier, either friendly name or dotted string format. A cryptographic attribute if found, or null if not found. The class represents the CMS/PKCS #7 ContentInfo data structure. It encapsulates the content of or messages. Initializes a new instance of using the specified array of bytes as content and an object identifier "data" as content type. The message content. Initializes a new instance of using the specified array of bytes as content and the specified object identifier as content type. The message content type. The message content. Gets the object identifier of the CMS/PKCS #7 message content type. Gets the content of the CMS/PKCS #7 message. An array of bytes that represent the content data. Represents a CMS/PKCS #7 encrypted data. Gets the symmetric key used to encrypt the message, or null if it is cannot be retrieved. The symmetric key used to encrypt the message, or null. Gets the symmetric algorithm used to encrypt or decrypt the content, or null if it cannot be retrieved. The . Encrypts the contents of the CMS/PKCS #7 message. Decrypts the contents of the CMS/PKCS #7 message. For a successful decryption, a symmetric key must be available. Creates a receiving stream for this CMS/PKCS #7 message. A write-only receiving stream. Receiving stream accepts raw CMS/PKCS #7 signed message data. Before all the data has been written and the stream has been closed, no methods or properties of should be accessed. Decodes an encoded CMS/PKCS #7 encrypted message from raw data. Upon successful decoding, information can be retrieved using methods and properties. Arrays of bytes representing a CMS/PKCS #7 message. Encodes the object into CMS/PKCS #7 message data. Array of bytes representing a CMS/PKCS #7 message. Loads a CMS/PKCS #7 encrypted message from a stream. Upon successful decoding, information can be retrieved using methods and properties. A stream from which to load the message. Saves into a stream. A stream to which to save the message. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Creates a copy of this object. A new object. Creates an instance of class. It must be initialized using or methods before any other methods and properties can be accessed. Creates an instance of class using the specified content information as the inner content. The inner content of the encrypted message. Creates an instance of class using the specified content information and encryption algorithm. The inner content of the encrypted message (see remarks). Encryption algorithm identifier. Currently, 3DES ("1.2.840.113549.3.7"), DES ("1.3.14.3.2.7") and RC2 ("1.2.840.113549.3.2") algorithms are supported. Creates an instance of class using the specified content information and encryption algorithm. The inner content of the encrypted message. Encryption algorithm identifier (see remarks). The key length. Currently, 3DES ("1.2.840.113549.3.7"), DES ("1.3.14.3.2.7") and RC2 ("1.2.840.113549.3.2") algorithms are supported. Gets or sets the to be used to find certificates corresponding to a . The certificate finder. Gets or sets a value indicating whether Cryptographic Service Provider (CSP) operations are permitted to display any user interface. A value indicating whether CSP can display UI. Gets a value indicating whether the content is encrypted. A value indicating whether the content is encrypted. Gets the collection of unprotected (unencrypted) attributes associated with this CMS/PKCS #7 message. Unprotected attribute collection. Gets the collection of certificates that are embedded in the message. Collection of certificates Gets the collection of recipients associated with this CMS/PKCS #7 message. A collection of recipients. Gets the inner content information for this CMS/PKCS #7 message. It contains the content type identifier and content data. The inner content. This method returns the encrypted content for parsed messages and unencrypted content for newly created messages. To encrypt or decrypt the content, use and methods. Gets the identifier of the algorithm used to encrypt the content. An object. Returns a value indicating whether the private key to decrypt the symmetric key and encrypted content is available. True if the private key is available, false if it isn't. Defines the interface that certificate finder classes must implement. Finds a certificate corresponding to the specified subject indentifier. Identifier of the subject certificate. A certificate store containing the certificates that were included with the message. Certificate chain if found, or null (Nothing in Visual Basic). Provides a set of common certificate finders. Certificate finder. CertificateChain array. New instance of CertificateChainFinder. Default certificate finder. Searches for certificates in the current user's "My", "Trusted people" and "Other people" stores. Represents a RSA or DSA private key. Creates a new instance of . Use the method to load a private key. Creates a new instance of based on the specified RSA parameters. RSA parameters including private keys. Creates a new instance of based on the specified DSA parameters. DSA parameters including private keys. Gets the raw form of the private key. Array of bytes. Gets the DSA parameters for a DSA key. May only be used for DSA private keys. DSA paramaters. Gets the RSA parameters for a RSA key. May only be used for RSA private keys. RSA paramaters. Saves the private key into the supplied stream in Base64-encoded PKCS #8 format. A stream to which to save the private key. Password to encrypted the private key, or null if no encryption desired. Encryption algorithm identifier. Ignored if password is null. Currently, 3DES ("1.2.840.113549.3.7"), DES ("1.3.14.3.2.7") and RC2 ("1.2.840.113549.3.2") algorithms are supported. Loads a PKCS #8 or SSLeay-format private key from a stream. Upon successful decoding, information can be retrieved using methods and properties. A stream from which to load the private key. Password used to encrypted the private key, or null if no password needed. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Gets the key algorithm identifier. Key algorithm identifier. Represents a CMS/PKCS #7 encrypted message recipient. This class is inherited by and classes. Gets the identifier of the recipient. Identifier of the recipient. Gets the identifier of the algorithm used to encrypt the symmetric key. An object. Gets the encrypted key for the recipient. Encrypted key. Gets the certificate associated with the recipient, or null if not available. The recipient's certificate, or null. Defines key transport recipient information, typically using the RSA algorithm to encrypt the shared symmetric key to transport. Creates a new instance of that defines the key transport recipient information for the owner of the specified RSA certificate. The recipient's certificate. Creates a new instance of that defines the key transport recipient information for the owner of the specified RSA certificate and subject identifier type. The recipient's certificate. Subject identifier type - only IssuerAndSerialNumber and SubjectKeyIdentifier values are accepted. Gets the identifier of the recipient. Identifier of the recipient. Gets the identifier of the algorithm used to encrypt the symmetric key. An object. Gets the encrypted key for the recipient. Encrypted key. Gets the certificate associated with the recipient, or null if not available. The recipient's certificate, or null. Defines key agreement algorithm recipient information. The key itself is not transported - the two parties that will be using a symmetric key both take part in its generation. Please note that this method is not yet fully supported by Rebex Security library. Gets the identifier of the key originator. Identifier of the key originator. Gets the identifier of the recipient. Identifier of the recipient. Gets the identifier of the algorithm used to encrypt the symmetric key. An object. Gets the encrypted key for the recipient. Encrypted key. Gets the certificate associated with the recipient, or null if not available. The recipient's certificate, or null. A collection of objects. Creates an empty and read-only instance of . Adds a to the collection. A recipient info to add. Removes a from the collection. A recipient info to remove. Removes a recipient info at the specified index from the list. A zero-based index of a recipient info to remove.. Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets or sets the at the specified index. The zero-based index of the to get. A recipient info. Represents a CMS/PKCS #7 signed data. Creates a signatures for all signers that do not have one yet. Validates all digital signatures on this CMS/PKCS #7 signed message and validates all the signers' certificates. Validation result. Validates all digital signatures on this CMS/PKCS #7 signed message. Optionally, signers' certificates are validated, and the specified validation options are taken into account. Specifies whether to only verify the signatures, skipping the certificate validation. Signature and certificate validation options. Validation result. Creates a receiving stream for this CMS/PKCS #7 message. A write-only receiving stream. Receiving stream accepts raw CMS/PKCS #7 signed message data. Before all the data has been written and the stream has been closed, no methods or properties of should be accessed. Decodes an encoded CMS/PKCS #7 signed message from raw data. Upon successful decoding, information can be retrieved using methods and properties. Array of bytes representing a CMS/PKCS #7 message. Encodes the object into CMS/PKCS #7 message data. Array of bytes representing a CMS/PKCS #7 message. Loads a CMS/PKCS #7 signed message from a stream. Upon successful decoding, information can be retrieved using methods and properties. A stream from which to load the message. Saves into a stream. A stream to which to save the message. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Creates a copy of this object. A new object. Creates an instance of class. Creates an instance of class using the specified content information as the inner content. The inner content of the signed message. Creates an instance of class using the specified content information as the inner content. The inner content of the signed message. Specifies whether the signature is detached. If detached, the actual content is not included within the signed message. Specifies what parts of the certificate chain should be included in the signed data. Certificate include option. Gets or sets the to be used to find certificates corresponding to a . The certificate finder. Gets or sets a value indicating whether CSP operations are permitted to display any user interface. A value indicating whether CSP can display UI. Gets the collection of certificates that are embedded in the message. Collection of certificates Gets the collection of signers associated with this CMS/PKCS #7 message. A collection of signers. Gets or sets the inner content information for this CMS/PKCS #7 message. It contains the content type identifier and content data. The inner content. Gets or sets a value indicating whether the actual content is detached from the message. True if the content is detached; False if the content is embedded within the message. Specifies what parts of the certificate chain should be included in the message. Leave the existing certificate in the collection. The certificate chain is not included. The certificate chain is included, except for the root certificate. Only the end certificate is included. The certificate chain, including the root certificate, is included. Represents a CMS/PKCS #7 message signer. Validates the signer's digital signature and validates the certificate. Validation result. Validates the signer's digital signatures. Optionally, signers' certificates are validated, and the specified validation options are taken into account. Specifies whether to only verify the signatures, skipping the certificate validation. Signature and certificate validation options. Validation result. Creates a signatures for the signer. Creates a new instance of that defines a signer corresponding to the specified certificate. An associated private key for the certificate must be available. The signer's certificate. Creates a new instance of that defines a signer corresponding to the specified certificate using the specified subject identifier type. An associated private key for the certificate must be available. The signer's certificate. Subject identifier type - only IssuerAndSerialNumber and SubjectKeyIdentifier values are accepted. Gets the identifier of the signer. Identifier of the signer. Gets the identifier of the digest algorithm. An object. Gets the identifier of the signature algorithm. An object. Gets the signature, or null if it is not available yet. The signature. Gets the collection of signed attributes associated with this CMS/PKCS #7 message. Signed attribute collection. Gets the collection of unsigned attributes associated with this CMS/PKCS #7 message. Unsigned attribute collection. Gets the certificate associated with the signer, or null if not available. The signer's certificate, or null. Gets the signing time, or 1970-01-01 if not available. Singing time. Gets the preferred subject identifier for key encryption. The preferred subject identifier. Gets the collection of S/MIME capabilities the signer supports. Collection of supported S/MIME capabilities. A collection of objects. Creates an empty and read-only instance of . Adds a to the collection. A signer info to add. Removes a from the collection. A signer info to remove. Removes a signer info at the specified index from the list. A zero-based index of a signer info to remove.. Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets or sets the at the specified index. The zero-based index of the to get. A signer info. Signature validation status. Certificate is not valid. Certificate is not available. A digest algorithm is not supported. A signature algorithm is not supported. A signature is invalid. Invalid key usage. Content type mismatch. Represents the result of signature validation. Gets the status mask. Status mask. Gets the certificate validation status mask. Certificate validation status mask. Gets the certificate chain validity status. True if valid, false if not valid. Represents an S/MIME capability. Initializes an instance of a with no parameters. The object identifier that identifies the S//MIME capability. Initializes an instance of a . The object identifier that identifies the S//MIME capability. Capability parameters in ASN.1 format. Gets the object identifier that identifies the S/MIME capability. The object identifier. Gets the S/MIME capability parameters. An array of bytes in ASN.1 format. A collection of objects. Adds a to the collection. An S/MIME capability to add. Removes a from the collection. An S/MIME capability to remove. Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets or sets the at the specified index. The zero-based index of the to get or set. An S/MIME capability. Gets the first with the specified object identifier. The object identifier, either friendly name or dotted string format. An S/MIME capability if found, or null if not found. Defines the type of subject identifier that identifies a subject and a certificate. The type of subject identifier is unknown. The subject is identified by the certificate issuer and serial number. The subject is identified by the hash of the subject's public key. The hash algorithm used is determined by the signature algorithm suite in the subject's certificate. The subject is identified by the subject's public key. The class identifies a subject, either by certificate issuer and serial number, by the subject key identifier or by a public key. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Initializes an instance of that identifies the subject of the specified certificate by its issuer and serial number. The certificate of the subject to identify. Initializes an instance of that identifies the subject of the specified certificate by the specified identifier type. The certificate of the subject to identify. The type of the subject identifier. Gets the type of the subject identifier. The type of the subject identifier. Gets the of the certificate issuer if this subject identifier is identified by the issuer name and serial number. Otherwise, this property will return null. Certificate issuer. Gets the serial number of the certificate if this subject identifier is identified by the issuer name and serial number. Otherwise, this property will return null. Certificate serial number. Gets the subject key identifier of the certificate if this subject identifier is identified by the subject key identifier. Otherwise, this property will return null. Certificate subject key identifier. Gets the public algorithm of the certificate if this subject identifier is identified by the public key. Otherwise, this property will return null. Certificate public key algorithm. Gets the public of the certificate if this subject identifier is identified by the public key. Otherwise, this property will return null. Certificate public key. The hash algorithm used to compute the hash for hash signing and verification methods. Unsupported hash algorithm. MD5. SHA1. MD5SHA1. The key algorithm for the certificate. Unsupported key algorithm. RSA. DSA. Intended key usage. Digital signature. Non-repudiation. Key encipherment. Data encipherment. Key agreement. Certificate signing. CRL signing. Key encipherment only. Key decipherment only. Represents an X509 v3 certificate with either RSA or DSA key. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Loads a certificate from an arary. An array containing DER encoded certificate data. Loads a DER encoded certificate from a given file. Path to a file. A certificate. Loads a certificate with a private key from a PKCS#12 (PFX) file. Path to a file. Encryption password. A certificate with private key. Loads a certificate with a private key from a PKCS#12 (PFX) array. An array containing DER encoded PKCS#12 data. Encryption password. A certificate with private key. Returns the DN of the certification authority that issued the X.509v3 certificate. DN of the certification authority that issued the X.509 certificate. Returns the name of the certification authority that issued the X.509v3 certificate. The name of the certification authority that issued the X.509 certificate. Returns DN of the principal to which the certificate was issued. DN of the principal to which the certificate was issued. Returns the name of the principal to which the certificate was issued. The name of the principal to which the certificate was issued. Returns the public key for the X.509v3 certificate. The public key for the X.509v3 certificate. Returns the key algorithm parameters for the X.509v3 certificate. The the key algorithm parameters for the X.509v3 certificate. Returns the certificate's subject key identifier (SKI). Subject key identifier. Returns the list of certificate's e-mail addresses. The list of addresses. Returns the serial number of the X.509v3 certificate. The serial number of the X.509 certificate as an array of bytes. Returns the expiration date of this X.509v3 certificate. The expiration date for this X.509 certificate. The expiration date is the date after which the X.509 certificate is no longer considered valid. Returns the effective date of this X.509v3 certificate. The effective date for this X.509 certificate. The effective date is the date after which the X.509 certificate is considered valid. Returns the hash value for the X.509v3 certificate as an array of bytes. The hash value for the X.509 certificate. Returns the raw data for the entire X.509v3 certificate. The raw data for the entire X.509v3 certificate. Checks whether a private key for this certificate is available. true if available, false if not available. Checks whether a certifiacte is time valid. true if valid, false if not valid. Returns the intended key usage value. Intended key usage. This method is deprecated, use instead. An array of intended key usage identifiers. Returns an array of enhanced key usage identifiers. An array of enhanced key usage identifiers, or null if the certificate is valid for all uses. Returns the DSA parameters of certificate's public key. The DSA parameters of certificate's public key. Returns the RSA parameters of certificate's public key. The RSA parameters of certificate's public key. Returns the size of the key in bits. Size of the key in bits. Verifies the specified signature data by comparing it to the signature computed for the specified hash value. The hash value of the signed data. A hash algorithm used to create the hash value. The RSA signature for the specified hash value. true if the signature verifies as valid; otherwise, false. The hash algorithm parameter is ignored with managed RSA. Computes the signature for the specified hash value by encrypting it with the private key. The hash value of the data to be signed. A hash algorithm used to create the hash value. If set to true, the CSP should not display any user interface (UI). The RSA signature for the specified hash value.

The private key for a certificate must be available for this method to succeed.

If silent operation is requested and the CSP must display UI to operate, this method will fail.

Encrypts data. Data to be encrypted. Encrypted data. Decrypts data. Data to be decrypted. If set to true, the CSP should not display any user interface (UI). Decrypted data. If silent operation is requested and the CSP must display UI to operate, this method will fail. Verifies the validity of the certificate. Validation result. Verifies the validity of the certificate, including its compliance with the specified criteria. Validation options. Validation result. Verifies the validity of the certificate, including its compliance with the specified criteria. The name of the server. Validation options. Validation result. Verifies the validity of the certificate, including its compliance with the specified criteria, using the specified chain engine. The name of the server. Validation options. Certificate chain engine. Validation result. Disposes the object and releases resources. Calling this method ensures that all resources are freed. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Finalizer called by garbage collector. Gets a handle of the certificate. A handle of the certificate.

Behaviour of this property is subject to change.

On non-Windows system, this will always return null.

Returns the key algorithm for this certificate. The key algorithm for this certificate. A chain engine (name space and cache) to be used to build and validate certificate chains. The chain engine of the current user. The chain engine of the local machine. Represents a chain of certificates. A chain starts by the end certificate and each following certificate must directly certify the one preceding it. The last certificate in the list is a self-signed root certificate, and may be optionally omitted under the assumption it must be known in any case. Adds a certificate to the end of the chain. The certificate to be added to the chain. The position of the certificate in the chain. Creates an empty certificate chain. Creates a certificate chain from an array of certificates. An array of certificates. Loads a certificate with a private key from a PKCS#12 (PFX) file. Path to a file. Encryption password. A certificate with private key. Not supported in builds for .NET CF. Loads a certificate with a private key from a PKCS#12 (PFX) array. An array containing DER encoded PKCS#12 data. Encryption password. A certificate with private key. Not supported in builds for .NET CF. Verifies the specified signature data by comparing it to the signature computed for the specified hash value. The hash value of the signed data. A hash algorithm used to create the hash value. The RSA signature for the specified hash value. true if the signature verifies as valid; otherwise, false. The hash algorithm parameter is ignored with managed RSA. Builds a certificate chain for a specified certificate. End certificate. The chain for an end certificate. This function builds a certificate chain context starting from an end certificate and going back, if possible, to a trusted root certificate. Builds a certificate chain for a specified certificate. End certificate. Certificate chain engine. The chain for an end certificate. This function builds a certificate chain context starting from an end certificate and going back, if possible, to a trusted root certificate. Builds a certificate chain for a specified certificate. End certificate. Additional store to search in addition to system stores. The chain for an end certificate. This function builds a certificate chain context starting from an end certificate and going back, if possible, to a trusted root certificate. Builds a certificate chain for a specified certificate. End certificate. Certificate chain engine. Additional store to search in addition to system stores. The chain for an end certificate. This function builds a certificate chain context starting from an end certificate and going back, if possible, to a trusted root certificate. Verifies the validity of the certificate chain. Validation result. Verifies the validity of the certificate chain, including its compliance with the specified criteria. Validation options. Validation result. Verifies the validity of the certificate chain, including its compliance with the specified criteria. The name of the server. Validation options. Validation result. Verifies the validity of the certificate chain, including its compliance with the specified criteria, using the specified chain engine. The name of the server. Validation options. Certificate chain engine. Validation result. Gets the number of certificates in the chain. The number of certificates in the chain. Gets or sets the certificate at the specified position. The certificate at the specified position The certificate at the specified position. Represents a collection of X509 v3 certificates. Creates a new instance of . Adds a to the collection. A certificate to add. Removes a from the collection. A certificate to remove. Removes all certificates from the collection. Copies the range of elements from the to a compatible one-dimensional array, starting at the specified index of the target array. One-dimensional zero-based array that is the destination of the elements copied from . A zero-based index in the destination array at which copying begins. Gets the at the specified index. The zero-based index of the to get. A certificate. The exception that is thrown when a certificate-related error occurs. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Initializes a new instance of the Exception class with a specified error message. The error message that explains the reason for the exception. Initializes a new instance of the Exception class with a specified error message and a reference to the inner exception that is the cause of this exception. The error message that explains the reason for the exception. The exception that is the cause of the current exception. Options for methods. Only find certificates that have a private key. Only find certificates that are time valid. Only find certificates that can be used for client authentication. Only find certificates that can be used for server authentication. The type of search for method. Certificates whose subject key identifier (SKI) matches the specified value. Specifies the location of the certificate store. None. The store located at HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates. The store located at HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates. The store located at HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\<ServiceName>>\SystemCertificates. The store located at HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\<ServiceName>\SystemCertificates. The store located at HKEY_USERS\<UserName>\Software\Microsoft\SystemCertificates. The store located at HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates. The store located at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates. The store located at HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates. Specifies the name of the certificate store. None. Other users. Third-party certificate authorities. Intermediate certificate authorities. Revoked certificates. Personal certificates Trusted root certificate authorities. Directly trusted people and resources. Directly trusted publishers. Represents a certificate store. Opens a system certificate store of the specified name a the specified location. The store name. Specifies the location of the certificate store. Some example system stores are:
"CA" - Certification authority certificates.
"My" - A certificate store that holds certificates with associated private keys.
"Root" - Root certificates.
"SPC" - Software publisher certificate.
"Trust"
"Disallowed"
 Opens a system certificate store of the specified name a the specified location. The store name value. Specifies the location of the certificate store. Opens a system certificate store of the specified name. The store name. Some example system stores are:
"CA" - Certification authority certificates.
"My" - A certificate store that holds certificates with associated private keys.
"Root" - Root certificates.
"SPC" - Software publisher certificate.
"Trust"
"Disallowed"
 Opens a system certificate store of the specified name. The store name value. Creates a temporary memory-based certificate store and populates it with certificats from the specified collection. The certificate collection. Determines whether the specified certificate store exists. The store name. Specifies the location of the certificate store. True if the store exists; false otherwise. Determines whether the specified certificate store exists. The store name value. Specifies the location of the certificate store. True if the store exists; false otherwise. Determines whether the specified certificate store exists. The store name. True if the store exists; false otherwise. Determines whether the specified certificate store exists. The store name value. True if the store exists; false otherwise. Adds a certificate to this certificate store. Certificate to be added. Removes a certificate from this certificate store. Certificate to be removed. Returns all certificates issued by the specified issuer and corresponding to specified options. Issuer DN. Options. An array of certificates. Returns all certificates with the specified serial number issued by the specified issuer and corresponding to specified options. Issuer DN. Certificate serial number. Options. An array of certificates. Returns all certificates matching the specified criteria. Specifies the type of search being made. A byte array whose meaning is defined by 'findType'. Options. An array of certificates. Returns all certificates issued by one of specified issuers and corresponding to specified options. An array of issuers' DNs. Options. An array of certificates. Returns all certificates matching the specified certificate and options. Certificate to find. Options. An array of certificates. Returns all certificates corresponding to specified options. Options. An array of certificates. Returns all certificates corresponding to the specified e-mail address. E-mail address. An array of certificates. Returns all certificates corresponding to the specified e-mail address and options. E-mail address. Options. An array of certificates. Disposes the object and releases resources. Calling this method ensures that all resources are freed. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Finalizer called by garbage collector. Gets a handle of the certificate. A handle of the certificate.

Behaviour of this property is subject to change.

On non-Windows system, this will always return null.

Represents a distinguished name. Creates an instance of distingushed name from an ASN1 block. ASN1 block. Creates an instance of distingushed name from a DN string. DN string. Returns the list of DN's e-mail addresses. The list of addresses. Converts a distinguished name into a byte array. Byte array. Returns a string representation of the object. A DN string. Represents a block of unmanaged memory. Allocates a block of unmanaged memory with the specified length. The length of unmanaged memory block. Creates an unmanaged block that represents a block of memory specified by the supplied pointer. Pointer to a block of unmanaged memory. Returns a pointer to the current unmanaged memory block. A pointer to unamanged memory block. Writes an 8-bit unsigned integer to the specified offset of the memory block. Offset in the memory block. The value to write. Reads an 8-bit unsigned integer from the specified offset of the memory block. Offset in the memory block. Writes a 64-bit signed integer value to unmanaged memory. The address in unmanaged memory to which to write. An additional byte offset, added to the ptr parameter before writing. The value to write. Reads a 64-bit signed integer value from unmanaged memory. The address in unmanaged memory from which to read. An additional byte offset, added to the ptr parameter before reading. The value. Writes a 64-bit signed integer to the specified offset of the memory block. Offset in the memory block. The value to write. Reads a 64-bit signed integer from the specified offset of the memory block. Offset in the memory block. Writes a 32-bit signed integer to the specified offset of the memory block. Offset in the memory block. The value to write. Reads a 32-bit signed integer from the specified offset of the memory block. Offset in the memory block. Writes a 16-bit unsigned integer to the specified offset of the memory block. Offset in the memory block. The value to write. Reads a 16-bit unsigned integer from the specified offset of the memory block. Offset in the memory block. Writes a pointer to the specified offset of the memory block. Offset in the memory block. The value to write. Reads a pointer from the specified offset of the memory block. Offset in the memory block. Reads a string from an unmanaged pointer. The address in unmanaged memory from which to read. The string. Reads a string of the specified length from an unmanaged pointer. The address in unmanaged memory from which to read. The length of the string. The string. Allocates a block of an unmanaged memory for the data contained in the specified byte array. A byte array. A . Allocates a byte array for the data contained in the unmanaged memory block. A byte array. Disposes the object and releases resources. Calling this method ensures that all resources are freed. Releases the unmanaged resources and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Finalizer called by garbage collector. Certificate validation method options. No options specified. Ignore an invalid time. Ignore an invalid certificate trust list time. Ignore an invalid time nesting. Ignore all invalid time checks. Ignore invalid basic constraints. Allow unknown certification authority. Ignore wrong usage of the certificate. Ignore invalid policy. Ignore an unknown revocation status of the end certificate. Not supported in builds for .NET CF. Ignore an unknown revocation status of the certificate trust list signer. Not supported in builds for .NET CF. Ignore an unknown revocation status of the CA certificate. Not supported in builds for .NET CF. Ignore an unknown revocation status of a root certificate. Not supported in builds for .NET CF. Ignore all unknown revocation statuses. Allow a test root. Not supported in builds for .NET CF. Trush a test root. Not supported in builds for .NET CF. Only use local cache, do not access the network. Not supported in builds for .NET CF. Ignore invalid common name. Certificate validation status. This certificate or one of the certificates in the certificate chain is not time valid. Certificates in the chain are not properly time nested. Trust for this certificate or one of the certificates in the certificate chain has been revoked. The certificate or one of the certificates in the certificate chain does not have a valid signature. The certificate or certificate chain is not valid for its proposed usage. The certificate or certificate chain is based on an untrusted root. The revocation status of the certificate or one of the certificates in the certificate chain is unknown. One of the certificates in the chain was issued by a certification authority that the original certificate had certified. One of the certificates has an invalid extension. The certificate or one of the certificates in the certificate chain has a policy constraints extension, and one of the issued certificates has a disallowed policy mapping extension or does not have a required issuance policies extension. The certificate or one of the certificates in the certificate chain has a basic constraints extension and either the certificate cannot be used to issue other certificates or the chain path length has been exceeded. The certificate or one of the certificates in the certificate chain has an invalid name constraints extension. The certificate or one of the certificates in the certificate chain has a name constraints extension containing unsupported fields. The certificate or one of the certificates in the certificate chain has a name constraints extension and a name constraint is missing for one of the name choices in the end certificate. The certificate or one of the certificates in the certificate chain has a name constraints extension and there is not a permitted name constraint for one of the name choices in the end certificate. The certificate or one of the certificates in the certificate chain has a name constraints extension and one of the name choices in the end certificate is explicitly excluded. The certificate chain is not compete. A CTL used to create this chain was not time valid. A CTL used to create this chain did not have a valid signature. A CTL used to create this chain is not valid for this usage. The revocation status of the certificate or one of the certificates in the certificate chain is either off-line or stale. The end certificate does not have any resultant issuance policies, and one of the issuing CA certificates has a policy constraints extension requiring it. Unknown error. A path length constraint in the certification chain has been violated. Not supported in builds for .NET CF. A certificate contains an unknown extension that is marked critical. Not supported in builds for .NET CF. A parent of a given certificate in fact did not issue that child certificate. Not supported in builds for .NET CF. A certificate chain could not be built to a trusted root authority. Not supported in builds for .NET CF. The certificate's CN name does not match the passed value. A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. Not supported in builds for .NET CF. The certificate was explicitly marked as untrusted by the user. Not supported in builds for .NET CF. A certificate is missing or has an empty value for an important field, such as a subject or issuer name. Not supported in builds for .NET CF. There might be more errors apart from those reported. Represents the result of certificate chaing validation. Gets the status mask. Status mask. Gets the certificate chain validity status. True if valid, false if not valid. Gets the error code returned by the validation function. The error code returned by the validation function.