Hi everyone!
I am making software for digital signature verification, using VB2005.
I have a problem with the certificate revocation list (CRL).
I have to check if a certificate WAS valid at the time when the signature was made. It is not important if a certificate has expired or has been revoked after the time when the signature was made.
If I use the Security.Cryptography.X509Certificates.X509Chain() object, it can check if a certificate IS valid NOW. It is not good, because a certificate can be revoked after a signature has been made.
Also, the Security.Cryptography.X509Certificates.X509Chain() object needs a CRL that is fresh, that has not yet expired. It is also not good, because an old CRL that has expired is perfectly good proof that a certificate has been revoked or not at some point in time (the time when the CRL was valid).
Also, the Security.Cryptography.X509Certificates.X509Chain() object stores CRLs in the directory C:\Documents and Settings\<user-name>\Application Data\Microsoft\CryptnetUrlCache\Content
and the names of the CRL files are something like this:
E6024EAC88E6B6165D49FE3C95ADD735
So I cannot substitute that file with a CRL file that I archived some time ago (I simply do not know the name of the file to use).
Also, I get that a certificate has been revoked but not the date of revocation, which is very important to compare with the date when the signature was made.
Is there any way to direct X509Chain to use some other (archived) CRL file?
Is there any way to make it ignore that the CRL has expired?
Is there a way to get a date and time of revocation?
Is there a way to read the content of CRL file?
Should I install the CRL file into the certificate store, and if yes, why?
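
The time-of-signing decision the question describes, as an added example that is not part of the original post: plain Python over a hypothetical, already parsed and signature-verified CRL model (`Crl`, `status_at` and every sample value are constructed here), not X509Chain code. It assumes the signing time comes from a trusted source such as a timestamp.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    GOOD = "not revoked at signing time"
    REVOKED = "revoked at or before signing time"
    OUTSIDE_VALIDITY = "signed outside the certificate validity period"
    UNKNOWN = "this CRL cannot prove the status at signing time"

@dataclass
class Crl:
    """Hypothetical model of an archived CRL, already parsed and signature-checked."""
    this_update: datetime
    next_update: datetime   # kept for completeness; deliberately not used below
    revoked: dict           # serial number -> revocationDate

def status_at(signing_time, serial, not_before, not_after, crl):
    if not (not_before <= signing_time <= not_after):
        return Status.OUTSIDE_VALIDITY
    revoked_on = crl.revoked.get(serial)
    if revoked_on is not None:
        # Listed: compare the entry's revocationDate with the signing time.
        return Status.REVOKED if revoked_on <= signing_time else Status.GOOD
    # Not listed: that only proves non-revocation up to thisUpdate, and a CA may
    # drop entries for expired certificates, so thisUpdate must fall between
    # the signing time and notAfter. An expired nextUpdate does not matter.
    if signing_time <= crl.this_update <= not_after:
        return Status.GOOD
    return Status.UNKNOWN

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data: one certificate validity period and one archived CRL.
NOT_BEFORE, NOT_AFTER = utc(2005, 1, 1), utc(2007, 1, 1)
ARCHIVED = Crl(utc(2006, 6, 1), utc(2006, 6, 8), {0x1A2B: utc(2006, 3, 15)})

def demo():
    cases = [(utc(2006, 2, 1), 0x1A2B), (utc(2006, 4, 1), 0x1A2B),
             (utc(2006, 5, 1), 0x3C4D), (utc(2006, 7, 1), 0x3C4D),
             (utc(2007, 2, 1), 0x3C4D)]
    return [status_at(t, s, NOT_BEFORE, NOT_AFTER, ARCHIVED) for t, s in cases]

if __name__ == "__main__":
    for result in demo():
        print(result.value)
```

The fourth case returns `UNKNOWN` because a CRL issued before the signature cannot show the certificate was still unrevoked when it was used; a later archived CRL is needed for that signature.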