Using memory to store certificates and keys improves security because user does not need to specify the place where the certificates are stored, only the certificates itself.
Certificates and keys are passed to the MemCryptStorage class in the PEM format as binary raw or string. They can contain LF, CR/LF, or no line break as displayed below.
*****BEGIN CERT....****\n AAAAAAAAAAAAAAAAAAAA\n BBBBBBBBBBBBBBBBBBBBBB\n ... *****END...*******\n
*****BEGIN CERT....****\r\n AAAAAAAAAAAAAAAAAAAA\r\n BBBBBBBBBBBBBBBBBBBBBB\r\n ... *****END...*******\r\n
*****BEGIN CERT....****AAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBB...*****END...*******
However, we don't recommend changing the original format of certificates. It is better to pass them as is.
You can specify the certificates, stored in memory, in the connection string by using "memory://" storage, and the certificate or key id. For example: SSL CA Cert="memory://my_ca_id"
// add certificates and keys to the memory storage from files from temp directory MemCryptStorage.AddCa("my_ca", File.ReadAllBytes("D:\\Temp\\root.crt")); MemCryptStorage.AddCert("my_cert", File.ReadAllBytes("D:\\Temp\\postgresql.crt")); MemCryptStorage.AddKey("my_key", File.ReadAllBytes("D:\\Temp\\postgresql.key")); // now certificates can be removed from the disk // use specific id in memory instead real certificates in the ssl connection parameters string str = "host=localhost;port=5438;userid=postgres;pwd=postgres;database=test;schema=public;" + "Ssl Mode=Require; CA Cert=\"memory://my_ca\"; SSl Cert=\"memory://my_cert\";SSL Key=\"memory://my_key\""; PgSqlConnection conn = new PgSqlConnection(str); conn.Open(); // Or you can use SSLOptions conn.SslOptions.SslMode = SslMode.Require; conn.SslOptions.CACert = "memory://my_ca"; conn.SslOptions.Cert = "memory://my_cert"; conn.SslOptions.Key = "memory://my_key";
' add certificates and keys to the memory storage from files from temp directory MemCryptStorage.AddCa("my_ca", File.ReadAllBytes("D:\Temp\root.crt")) MemCryptStorage.AddCert("my_cert", File.ReadAllBytes("D:\Temp\postgresql.crt")) MemCryptStorage.AddKey("my_key", File.ReadAllBytes("D:\Temp\postgresql.key")) ' now certificates can be removed from the disk ' use specific id in memory instead real certificates in the ssl connection parameters Dim str As String = "host=localhost;port=5438;userid=postgres;pwd=postgres;database=test;schema=public;" & _ " CA Cert=""memory://my_ca""; SSl Cert=""memory://my_cert"";SSL Key=""memory://my_key""" Dim conn As New PgSqlConnection(str) conn.Open() ' Or you can use SSLOptions conn.SslOptions.SslMode = SslMode.Require conn.SslOptions.CACert = "memory://my_ca" conn.SslOptions.Cert = "memory://my_cert" conn.SslOptions.Key = "memory://my_key"
System.Object
Devart.Data.PostgreSql.MemCryptStorage
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2