Custom trust store management for PQ-compatible PKI infrastructures.

using WvdS.System.Security.Cryptography.X509Certificates;
 
// Create trust store
using var trustStore = new PqTrustStore();
 
// Add Root CA
var rootCa = new X509Certificate2("root-ca.cer");
trustStore.AddTrustAnchor(rootCa, alias: "Company Root CA");
 
// Add Intermediate CA
var intermediateCa = new X509Certificate2("intermediate-ca.cer");
trustStore.AddIntermediate(intermediateCa, alias: "Issuing CA");

// Load trust store
using var trustStore = PqTrustStore.LoadFromPem("company-trust-store.pem");
 
// Validate certificate
var userCert = new X509Certificate2("user.cer");
 
using var chain = new X509Chain();
bool isValid = chain.Build(userCert, trustStore, CryptoMode.Hybrid);

// Save/load PEM bundle
trustStore.SaveToPem("trust-store.pem");
var loadedStore = PqTrustStore.LoadFromPem("trust-store.pem");
 
// PKCS#7 (DER)
trustStore.SaveToPkcs7("trust-store.p7b");
var p7Store = PqTrustStore.LoadFromPkcs7("trust-store.p7b");

using var trustStore = new PqTrustStore();
 
// Import Windows Root CAs
trustStore.ImportFromSystemRootStore();
 
// Export as PEM for air-gapped systems
trustStore.SaveToPem("system-trust-store.pem");

// Only trust anchors
var roots = trustStore.TrustAnchors;
 
// Only Intermediate CAs
var intermediates = trustStore.IntermediateCAs;
 
// Search by Subject/Thumbprint
var found = trustStore.FindBySubjectName("Company");
var entry = trustStore.FindByThumbprint("A1B2C3...");

• X509ChainExtensions
• RevocationExtensions

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional