Hi Sid, I asked this question just last week ;-)

What I ended up doing is to use a pkcs12 file to store private certs/keys and a file containing unencrypted certs for everything else (like CAs and such). If you come up with a better way, I'd appreciate it if you let me know.

I'm working on a cross-platform (Windows, Mac, Linux, iOS, and Android) MIME library with support for S/MIME and PGP, so I am really interested in a cross-platform way of managing certificates.

You can find my current cross-platform certificate management logic here:

https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/DefaultSecureMimeContext.cs#L104

and here:

https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/X509CertificateStore.cs

The first link creates 2 X509CertificateStores, one for root certificates and one for user certs (equivalent, I suppose, of StoreName.Root and StoreName.My). I should probably also have something equivalent to StoreName.AddressBook, but right now they are stored in the pkcs12 file along with the user's other personal certificates.

Hope that helps,

Jeff

On Tue, Nov 12, 2013 at 1:42 PM, Sid Shetye <sid...@outlook.com> wrote:
> Hi folks,
>
> Although we do use BC for some crypto stuff, we haven't explored anything beyond the standard Windows cert store for certificate storage. So at present we use the Windows certificate store as:
>
>     var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
>     store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
>     var certs = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, true);
>
> We'd like to switch to something that's more cross-platform (esp. Linux compatible). What are some good design patterns for a secure, cross-platform certificate storage? We need to store RSA and EC certificates as well as their respective private keys (if they exist in the password-protected PFX).
>
> Regards
>
> Sid
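The two-file layout described in the reply above (a password-protected PKCS#12 for personal certificates and their keys, plus a plain file of CA certificates), written out as an added example against Bouncy Castle's C# API; this is not MimeKit's code, and the file names, the password handling and the `PersonalEntry` type are assumptions made here.

```csharp
using System.Collections.Generic;
using System.IO;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.X509;

// Assumed layout: "personal.p12" holds certificate + private key pairs behind a
// password (the StoreName.My equivalent); "trusted.pem" holds only public CA
// certificates (the StoreName.Root equivalent). The CA file needs no password,
// but it must be protected from modification: anything written into it becomes a trust anchor.
public static class CrossPlatformCertStore
{
    // One personal identity: alias, RSA or EC private key, chain (leaf first).
    public struct PersonalEntry
    {
        public string Alias;
        public AsymmetricKeyEntry Key;
        public X509CertificateEntry[] Chain;
    }

    // Read every key entry from the PKCS#12 file. Certificate-only entries
    // (the AddressBook equivalent) are skipped here.
    public static List<PersonalEntry> LoadPersonal(string path, string password)
    {
        var store = new Pkcs12StoreBuilder().Build();
        using (var fs = File.OpenRead(path))
            store.Load(fs, password.ToCharArray());
        var entries = new List<PersonalEntry>();
        foreach (string alias in store.Aliases)
            if (store.IsKeyEntry(alias))
                entries.Add(new PersonalEntry { Alias = alias, Key = store.GetKey(alias),
                                                Chain = store.GetCertificateChain(alias) });
        return entries;
    }

    // Read the unencrypted trust anchors (PEM or DER, concatenated).
    public static List<X509Certificate> LoadTrusted(string path)
    {
        var anchors = new List<X509Certificate>();
        using (var fs = File.OpenRead(path))
            foreach (X509Certificate cert in new X509CertificateParser().ReadCertificates(fs))
                anchors.Add(cert);
        return anchors;
    }

    // Cross-platform counterpart of X509FindType.FindBySubjectName from the
    // quoted snippet: substring match on the leaf certificate's subject DN.
    public static List<PersonalEntry> FindBySubjectName(List<PersonalEntry> entries, string subjectName)
    {
        return entries.FindAll(e => e.Chain[0].Certificate.SubjectDN.ToString().Contains(subjectName));
    }
}
```

Because the PKCS#12 password is the only thing guarding the private keys, it should come from a platform secret store or a user prompt rather than from configuration on disk.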
What I ended up doing is to use a pkcs12 file to store private certs/keys and a file containing unencrypted certs for everything else (like CAs and such). If you come up with a better way, I'd appreciate if you let me know. I'm working on a cross-platform (Windows, Mac, Linux, iOS, and Android) MIME library with support for S/MIME and PGP, so am really interested in a cross-platform way of managing certificates. You can find my current cross-platform certificate management logic here: https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/DefaultSecureMimeContext.cs#L104 and here: https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/X509CertificateStore.cs The first link creates 2 X509CertificateStores, one for root certificates and one for user certs (equivalent, I suppose, of StoreName.Root and StoreName.My). I should probably also have something equivalent to StoreName.AddressBook, but right now they are stored in the pkcs12 file along with the user's other personal certificates. Hope that helps, Jeff On Tue, Nov 12, 2013 at 1:42 PM, Sid Shetye <sid...@outlook.com> wrote: > Hi folks, > > > > Although we do use BC for some crypto stuff, we haven’t explored anything > beyond the standard Windows cert store for certificate storage. So at > present we use the Windows certificate store as: > > > > var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); > > store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly); > > var certs = store.Certificates.Find(X509FindType.FindBySubjectName, > subjectName, true); > > > > We’d like to switch to something that’s more cross platform (esp Linux > compatible). What are some good design patterns for a secure, cross > platform certificate storage? We need to store RSA and EC certificates as > well as their respective private keys (if they exist in the password > protected PFX). > > > > Regards > > Sid > > >