I'm trying to use certificates that are not self generated (e.g. by makecert), and in fact come from a third party.

These certificates return false for SupportsDataEncryption & SupportsDigitalSignature, despite claiming to support all application policies when viewed in the certmgr MMC tool.

If I generate certificates using makecert with the appropriate flag, they work fine. Both the Mentalis library and the MS WSE1 X509Certificate report the same property values (false).

The certificate provider swears blind that these certificates do support both options. However they provide an unmanaged dll with a proprietary store which I am not keen to use (would prefer to stick with the windows crypto store to ease deployment and interoperability issues).

I checked GetIntendedKeyUsage() but am not sure on the best usage of this method. Are the 2 properties above derived from/consistent with the return code from GetIntendedKeyUsage()?

Thanks in advance
Stephen

Well I just checked the source code and I can see that GetIntendedKeyUsage() and the SupportsDataEncryption & DigitalSignatures properties are the same thing, so I have answered that part myself.

Well, upon even more investigation I discovered that the certificate provider is only setting the Key Encipherment bit (0x20), when the Mentalis and WSE frameworks expect the Data Encipherment (0x10) bit set for SupportsDataEncryption. Go figure...

Anyway, I guess I answered both my own questions.