SgDotNet
Singapore Professional .NET User Group -For Cool Developers
Forums » .NET Framework » Security » Error Signing with a key stored in a smart card using X509Certificate2 class

Error Signing with a key stored in a smart card using X509Certificate2 class

rated by 0 users
This post has 2 Replies | 0 Followers

Top 200 Contributor
Posts 8
Reply
Senshodan Posted: 01-26-2006 6:16 PM
Hi all,

Let's see if somebody can help about the following issue:

I'm using the following code to create a signedXML object:

uint hCertStore = Crypt32.CertOpenSystemStore(0, "My");
uint pCertContext = Crypt32.CertEnumCertificatesInStore(hCertStore, (uint)0);
// MyCert points to a key stored in a SmartCard
X509Certificate2 MyCert = new X509Certificate2(pCertContext);
SignedXml signedXml = new SignedXml();
signedXml.SigningKey = cert.PrivateKey;

And then I got the exception "There are more data available".

I have also tried to do the same using a more low level API:
CspParameters csp = new CspParameters(1, "Schlumberger Cryptographic Service Provider");
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);

And it works, BUT the problem is that I don't want to use the default key container but the container where the private key associated to my Cert is stored. I can custom this property doing the following:

csp.KeyContainerName = "My container name";

But then, when doing RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp); I get the same error ( There are more data available). So the point is that I can use the smart card for signing but not a specific key which is not valid for my case because I want to use the key associated with a certificate.

Any further idea? I am a bit desesperated so I will pay a Beer [B] if someone helps me to solve that problem . Wink [;)]

Thanks in advance.
Ivan.



Top 25 Contributor
Posts 442
Reply
MaungMaung replied on 01-27-2006 11:10 PM

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=207279&SiteID=1

From what I understand from the above link is that the Private Key of the certificate stored in SmartCard is not easily readable.

You will have to enter PIN to be able to extract the PrivateKey from the certificate.

As explained in that forum, one of the techniques would be to use Win32 API, CryptAcquireCertificatePrivateKey ,  from Crypto32.dll.

Another technique would be to construct the RSACryptoServiceProvider with CspParameters structure which contains the name of the smart card CSP.

Try it out and let us know if it is working.  I don't have SmartCard reader so I have not tested this solution. Embarrassed [:$]

Hope it gives you some idea to get started.Idea [I]

Maung Maung

Maung Maung
Top 200 Contributor
Posts 8
Reply
Senshodan replied on 01-30-2006 4:44 PM 
As I was unable to use X509Certificate2 for signing from a SC I tried 
your suggestion about using a lower level API, so I have used the following code:

CspParameters CSPParam = new CspParameters();
CSPParam.KeyContainerName = "MY";
CSPParam.ProviderName = DATAKEY_RSA_SCARD_PROV; //Smart card CSP

//"Datakey class="iAs">RSA CSP"
CSPParam.ProviderType = (int)CryptoCom.PROV_RSA_FULL;
CSPParam.KeyNumber = 2;  // (int)KeyNumber.Signature;
RSACryptoServiceProvider Key = new RSACryptoServiceProvider(CSPParam);

Now comes the surprise, this code works perfectly on Visual studio 2003, 
but trying to use the same code, with the same smartcard and the same
CSP on visual studio 2005 I got also the error:
"More class="iAs">data is available". 
Anyone knows what is the problem?
If there is no solution for that problem, is somebody knows how can I use
.net 1.1 instead of .net 2.0 on Visual Studio 2005 please let me know.

Thanks a lot in advance.
Page 1 of 1 (3 items) | RSS
Copyright SgDotNet 2004-2008
Powered by Community Server (Commercial Edition), by Telligent Systems