I've been poring through article after article on x509 cert creation, signing, etc. but I've yet to find a solution to my problem - wondering if anyone can point me in the right direction because I'm thoroughly confused at this point. Here's what I'm trying to do:
For the client app:
For the server app:
I need to do this all programmatically in .Net and without external .exe's like makecert.exe or openssl.exe - I need to use an in-process library, etc.
I have bits and pieces worked out using various libs like Bouncy Castle, .Net Crypto, openssl, etc. - but I always hit a roadblock either with lack of documentation or not being able to get to the keypairs as byte[] so I can persist them, etc. Either I'm making this a lot harder than it is, or there's a severe lack of documentation out there - or both.
I figure someone has to have done this before and I'd really appreciate some help - I'm open to any and all suggestions - thanks!
... and PKIBlackbox isn't an option - it costs too much :(
You can use the Bouncycastle C# library. Documentation is not good, but I believe it is not too difficult to work with. You can first go to the Javadocs for the java version of the library; the java and C# version are very similar. Secondly, look at the source code, as it is relatively easy to read.
The class you want is Org.BouncyCastle.X509.X509V3CertificateGenerator. There are some Java examples out there on the net that you can use as a guide to creating a C# version. Here is one simple straightforward one.
Finally, Bouncycastle has a very useful class Org.BouncyCastle.Security.DotNetUtilities that helps to map between Bouncycastle objects and .NET objects. One such pair of methods are ToX509Certificate() and FromX509Certificate(). Also, note that the .NET X509Certificate class has Import() and Export() methods.
Together these should be sufficient to allow you to solve your problem.
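The pieces the answer names, put together as an added example (my own code, not the answerer's and not from the Bouncy Castle project): an in-process CA that issues itself a root certificate, issues a server certificate signed by that root, persists keys and certificates as DER byte[], reloads them, and checks the chain before handing the leaf to .NET via DotNetUtilities. It assumes the BouncyCastle NuGet package at a version that has Asn1SignatureFactory (1.8 or later); the class, method and subject names are mine.

```csharp
// Added example, not the answer's own code. Assumes the BouncyCastle C# package
// (1.8+ for Asn1SignatureFactory). Names like CertDemo/Issue are hypothetical.
using System;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
using NetX509 = System.Security.Cryptography.X509Certificates;

static class CertDemo
{
    static readonly SecureRandom Rng = new SecureRandom();

    // RSA key pair; 2048 bits is the floor for anything meant to stay in use.
    static AsymmetricCipherKeyPair NewRsaKeyPair(int bits = 2048)
    {
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(Rng, bits));
        return gen.GenerateKeyPair();
    }

    // Build and sign a certificate with X509V3CertificateGenerator. With
    // issuer == subject and the subject's own private key, this yields a self-signed CA.
    static X509Certificate Issue(X509Name subject, AsymmetricKeyParameter subjectPub,
                                 X509Name issuer, AsymmetricKeyParameter issuerPriv,
                                 bool isCa, int validDays)
    {
        var gen = new X509V3CertificateGenerator();
        // Random serial: a CA must never reuse a serial number.
        gen.SetSerialNumber(BigIntegers.CreateRandomInRange(
            BigInteger.One, BigInteger.ValueOf(long.MaxValue), Rng));
        gen.SetIssuerDN(issuer);
        gen.SetSubjectDN(subject);
        gen.SetNotBefore(DateTime.UtcNow.AddMinutes(-5)); // tolerate small clock skew
        gen.SetNotAfter(DateTime.UtcNow.AddDays(validDays));
        gen.SetPublicKey(subjectPub);

        // BasicConstraints and KeyUsage are marked critical so a relying party
        // cannot silently accept a leaf certificate as a CA (or the reverse).
        gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCa));
        int usage = isCa ? KeyUsage.KeyCertSign | KeyUsage.CrlSign
                         : KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment;
        gen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(usage));

        ISignatureFactory signer = new Asn1SignatureFactory("SHA256WITHRSA", issuerPriv, Rng);
        return gen.Generate(signer);
    }

    // Persistence as byte[]: PKCS#8 private key, SubjectPublicKeyInfo, DER certificate.
    static byte[] PrivateKeyBytes(AsymmetricKeyParameter priv) =>
        PrivateKeyInfoFactory.CreatePrivateKeyInfo(priv).GetDerEncoded();
    static byte[] PublicKeyBytes(AsymmetricKeyParameter pub) =>
        SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub).GetDerEncoded();
    static AsymmetricKeyParameter LoadPrivateKey(byte[] der) => PrivateKeyFactory.CreateKey(der);
    static AsymmetricKeyParameter LoadPublicKey(byte[] der) => PublicKeyFactory.CreateKey(der);
    static X509Certificate LoadCert(byte[] der) => new X509CertificateParser().ReadCertificate(der);

    static void Main()
    {
        var caName = new X509Name("CN=Example Internal CA, O=Example");   // constructed
        var caKeys = NewRsaKeyPair();
        X509Certificate caCert = Issue(caName, caKeys.Public, caName, caKeys.Private, isCa: true, validDays: 3650);

        var serverName = new X509Name("CN=server.example.internal, O=Example"); // constructed
        var serverKeys = NewRsaKeyPair();
        X509Certificate serverCert = Issue(serverName, serverKeys.Public, caName, caKeys.Private, isCa: false, validDays: 365);

        // Round-trip everything through byte[], as you would when writing to a store.
        X509Certificate caReloaded = LoadCert(caCert.GetEncoded());
        X509Certificate serverReloaded = LoadCert(serverCert.GetEncoded());
        AsymmetricKeyParameter caPubReloaded = LoadPublicKey(PublicKeyBytes(caKeys.Public));
        AsymmetricKeyParameter serverPrivReloaded = LoadPrivateKey(PrivateKeyBytes(serverKeys.Private));

        // Chain check: the leaf's signature must verify under the CA key, the leaf must be
        // inside its validity window, and the issuer must actually carry the CA flag.
        serverReloaded.Verify(caPubReloaded);              // throws on a bad signature
        serverReloaded.CheckValidity(DateTime.UtcNow);     // throws if expired / not yet valid
        bool issuerIsCa = caReloaded.GetBasicConstraints() >= 0; // -1 means "not a CA"
        bool keyMatchesCert = ((RsaKeyParameters)serverPrivReloaded).Modulus
            .Equals(((RsaKeyParameters)serverReloaded.GetPublicKey()).Modulus);

        // Hand the leaf to .NET when SslStream or HttpListener needs it.
        NetX509.X509Certificate dotNetCert = DotNetUtilities.ToX509Certificate(serverReloaded);
        byte[] exported = dotNetCert.Export(NetX509.X509ContentType.Cert);

        Console.WriteLine($"issuerIsCa={issuerIsCa} keyMatchesCert={keyMatchesCert} exportedBytes={exported.Length}");
    }
}
```

Two things worth noting about the design: the private keys never leave the process except as the PKCS#8 bytes returned by PrivateKeyBytes, so whatever store receives them (file, database, DPAPI-wrapped blob) is where access control has to happen; and Verify() only proves the signature, which is why the validity window and the issuer's BasicConstraints are checked separately before the certificate is trusted for anything.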