Microsoft KB Archive/318217

= PRB: X509Certificate Supports Only DER-Encoded Certificates =

Article ID: 318217

Article Last Modified on 10/20/2003


APPLIES TO


 * Microsoft .NET Framework Class Libraries 1.0
 * Microsoft .NET Framework Class Libraries 1.1




This article was previously published under Q318217



This article refers to the following Microsoft .NET Framework Class Library namespaces:
 * System.IO
 * System.Security.Cryptography.X509Certificates
 * System.Text



SYMPTOMS
When you use the System.Security.Cryptography.X509Certificates.X509Certificate class, you may receive the following error message:

Input data cannot be coded as a valid certificate.

This problem occurs if one of the following conditions is true:
 * You use the X509Certificate constructor and pass it an array of bytes that are read from a Base64-encoded X.509 (.cer) file.

 -or-

 * You use the X509Certificate.CreateFromCertFile method and pass in the path to a Base64-encoded X.509 (.cer) file.



CAUSE
This problem occurs because the X509Certificate class only supports binary X.509 (.cer) certificates that are encoded in Distinguished Encoding Rules (DER).



RESOLUTION
If the certificate is Base64-encoded, follow these steps to resolve this problem:

 1. Remove the following strings from the certificate data:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

 2. Decode the Base64 certificate data. For example, the following Visual C# sample code decodes Base64 certificate data:

    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    namespace ReadBase64Cert
    {
        public class ReadBase64Cert
        {
            public ReadBase64Cert()
            {
            }

            public static void Main(string[] args)
            {
                if (args.Length < 1)
                {
                    Console.WriteLine("Usage: Base64EncodedFile (.cer)\n");
                    return;
                }

                // args[0] - Base64Encoded .cer file

                // Open the certificate, and read it into a byte array.
                FileStream certFile = new FileStream(args[0],
                                                     FileMode.Open,
                                                     FileAccess.Read);
                int size = (int)certFile.Length;
                byte[] certBytes = new byte[size];
                size = certFile.Read(certBytes, 0, size);
                certFile.Close();

                // Remove the unnecessary characters (the full five-hyphen marker lines).
                String certString = Encoding.ASCII.GetString(certBytes);
                StringBuilder sb = new StringBuilder(certString);
                sb.Replace("-----BEGIN CERTIFICATE-----", "");
                sb.Replace("-----END CERTIFICATE-----", "");

                // Decode the bytes from base64 to raw bytes.
                // FromBase64String ignores the line breaks left in the data.
                certBytes = Convert.FromBase64String(sb.ToString());
                X509Certificate cert = new X509Certificate(certBytes);
                Console.WriteLine(cert.GetName());
            }
        }
    }
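The sample above assumes the file is always Base64-encoded. The following added example (not part of the original article or of the .NET Framework) goes a step further and accepts either encoding, returning DER bytes that the X509Certificate constructor can load. The CertFileNormalizer class and its ToDer method are hypothetical names, and the code assumes .NET Framework 2.0 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper, not a .NET Framework API: returns DER bytes for
// certificate data that may be binary DER or Base64 (PEM) text.
public static class CertFileNormalizer
{
    const string Begin = "-----BEGIN CERTIFICATE-----";
    const string End = "-----END CERTIFICATE-----";

    public static byte[] ToDer(byte[] raw)
    {
        // DER: an ASN.1 SEQUENCE tag (0x30) followed by a long-form length
        // byte (high bit set), because a certificate exceeds 127 bytes.
        if (raw.Length > 2 && raw[0] == 0x30 && (raw[1] & 0x80) != 0)
            return raw;
        // PEM: take only the text between the markers, so a UTF-8 byte-order
        // mark or descriptive text before the BEGIN line is ignored.
        string text = Encoding.ASCII.GetString(raw);
        int start = text.IndexOf(Begin, StringComparison.Ordinal);
        int end = start < 0 ? -1
            : text.IndexOf(End, start + Begin.Length, StringComparison.Ordinal);
        if (end < 0)
            throw new FormatException("Not DER and no PEM CERTIFICATE block.");
        start += Begin.Length;
        // FromBase64String skips white space, so line breaks are harmless.
        return Convert.FromBase64String(text.Substring(start, end - start));
    }

    public static void Main(string[] args)
    {
        if (args.Length > 0)
        {
            // Real file: either encoding now loads.
            X509Certificate cert = new X509Certificate(ToDer(File.ReadAllBytes(args[0])));
            Console.WriteLine(cert.Subject);
            return;
        }
        // Constructed input (not a real certificate): 200 bytes with a DER-style header.
        byte[] fake = new byte[200];
        fake[0] = 0x30; fake[1] = 0x81; fake[2] = 197;
        string pem = "subject=constructed\r\n" + Begin + "\r\n"
            + Convert.ToBase64String(fake, Base64FormattingOptions.InsertLineBreaks)
            + "\r\n" + End + "\r\n";
        byte[] fromPem = ToDer(Encoding.ASCII.GetBytes(pem));
        Console.WriteLine(Convert.ToBase64String(fromPem) == Convert.ToBase64String(ToDer(fake)));
    }
}
```

Run without arguments, it round-trips the constructed buffer through both paths; run with a .cer path, it loads the file regardless of encoding.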



STATUS
This behavior is by design.


© Microsoft Corporation. All rights reserved.