Access to a smartcard key

Hi all,

I'm trying to sign using a key stored in a smartcard and I'm going crazy. I use the following code:

CspParameters csp = new CspParameters(1, "SafeSign CSP Version 1.0");
csp.KeyNumber = 1;
csp.KeyContainerName = "86332793-9965-41e2-9fff-6ce481e86889";
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);


But then I get the error "More info is available". What's that? If I do not specify any container name then the constructor doesn't complain, but when I specify a container name I get the exception.

Any idea? Any help will be really appreciated!
Thanks in advance



  • Harry_MSFT

    Hello

    Does anyone know where this issue stands?

    If I go to this link (http://lab.msdn.microsoft.com/ProductFeedback/viewFeedback.aspx?feedbackid=0022f1de-c89d-435c-b8dd-1372d67d1ab9) I don't see anything to indicate if it has been resolved.

    I tried to access this link (http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/retrieving_data_of_unknown_length.asp) but it no longer appears to be valid.

    I am using SafeNet's iKey 2032 USB token with XP and I am seeing the same results.

    Code that works with Visual Studio 2003 results in the "More data is available" exception with Visual Studio SP1.

    Can anyone clarify if this is a Microsoft problem or if I have to contact the manufacturer to get it resolved?

    Thanks in advance!


  • TavodelaCruz

    There is currently a Product Feedback Center bug open on this issue (http://lab.msdn.microsoft.com/ProductFeedback/viewFeedback.aspx?feedbackid=0022f1de-c89d-435c-b8dd-1372d67d1ab9). We're working to reproduce it and investigate the possible cause. This bug will get updated as we get more status on the issue and is the best place to keep up to date on the problem.

    -Shawn



  • cymdiaz

    As I was unable to use X509Certificate2 for signing from a SC I tried 
    to use a lower level API, so I have used the following code:

    CspParameters CSPParam = new CspParameters();
    CSPParam.KeyContainerName = "MY";
    CSPParam.ProviderName = DATAKEY_RSA_SCARD_PROV; //Smart card CSP

    //"Datakey RSA CSP"
    CSPParam.ProviderType = (int)CryptoCom.PROV_RSA_FULL;
    CSPParam.KeyNumber = 2; // (int)KeyNumber.Signature;
    RSACryptoServiceProvider Key = new RSACryptoServiceProvider(CSPParam);

    Now comes the surprise: this code works perfectly on Visual Studio 2003,
    but trying to use the same code, with the same smartcard and the same
    CSP on Visual Studio 2005 I get the following error:
    "More data is available".
    Does anyone know what the problem is?
    If there is no solution for that problem, if somebody knows how I can use
    .NET 1.1 instead of .NET 2.0 on Visual Studio 2005, please let me know.

    Thanks a lot in advance.

  • EricLaw-MSFT

    I have the same problem with Gemplus GemSAFE Card CSP. Any ideas to resolve this problem?


  • JRC

    Hi,

    I got feedback from MS tech support. They said it's a CSP problem.

    CryptGetKeyParam fails with ERROR_MORE_DATA which is why the “More data is available” exception is thrown by .NET 2.0.

    The smart card CSP should not fail CryptGetKeyParam and return ERROR_MORE_DATA when returning the data size. CryptGetKeyParam should succeed. The smart card CSP should be adhering to the following documentation - http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/retrieving_data_of_unknown_length.asp.

    Here is the relevant paragraph:

    If NULL is input for pbData and pcbData is not NULL, no error is returned, and the function returns the size, in bytes, of the needed memory buffer in the variable pointed to by pcbData. This lets an application determine the size of, and the best way to allocate, a buffer for the returned data.
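
The sizing contract quoted in the post above, modelled in portable C as an added example that is not part of the thread and is not code from Microsoft or any CSP vendor. The provider functions are constructed stand-ins for CryptGetKeyParam, and `read_param`, `MAX_PARAM_LEN` and the sample key-length value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define ERROR_SUCCESS       0u
#define ERROR_INVALID_DATA 13u
#define ERROR_MORE_DATA   234u  /* Win32 code behind "More data is available" */
#define MAX_PARAM_LEN    4096u  /* assumed sanity cap on a provider-reported size */

/* Constructed stand-in for a CSP key-parameter query (not the real
 * CryptGetKeyParam): returns 1 on success, 0 on failure with *err set. */
typedef int (*get_param_fn)(uint8_t *pbData, uint32_t *pcbData, uint32_t *err);
static const uint8_t KEYLEN_VALUE[4] = {0x00, 0x04, 0x00, 0x00}; /* constructed: 1024, little-endian */

/* Documented contract: NULL pbData is a size query and succeeds. */
int compliant_csp(uint8_t *pbData, uint32_t *pcbData, uint32_t *err) {
    uint32_t need = sizeof KEYLEN_VALUE;
    int ok = (pbData == NULL) || (*pcbData >= need);
    if (ok && pbData != NULL) memcpy(pbData, KEYLEN_VALUE, need);
    *pcbData = need;
    *err = ok ? ERROR_SUCCESS : ERROR_MORE_DATA;
    return ok;
}

/* Behaviour reported in the thread: the size query fails with ERROR_MORE_DATA. */
int noncompliant_csp(uint8_t *pbData, uint32_t *pcbData, uint32_t *err) {
    if (pbData != NULL) return compliant_csp(pbData, pcbData, err);
    *pcbData = sizeof KEYLEN_VALUE;
    *err = ERROR_MORE_DATA;
    return 0;
}

/* Two-call read. tolerant=0 treats a failed size query as fatal; tolerant=1
 * accepts ERROR_MORE_DATA on the size query if a plausible size came back. */
uint32_t read_param(get_param_fn csp, int tolerant, uint8_t **out, uint32_t *out_len) {
    uint32_t len = 0, err = ERROR_SUCCESS;
    *out = NULL; *out_len = 0;
    if (!csp(NULL, &len, &err) && !(tolerant && err == ERROR_MORE_DATA)) return err;
    if (len == 0 || len > MAX_PARAM_LEN) return ERROR_INVALID_DATA;
    uint8_t *buf = malloc(len);
    if (buf == NULL) return 8u; /* ERROR_NOT_ENOUGH_MEMORY */
    if (!csp(buf, &len, &err)) { free(buf); return err; }
    *out = buf; *out_len = len;
    return ERROR_SUCCESS;
}

int main(void) {
    uint8_t *buf; uint32_t n;
    return read_param(noncompliant_csp, 1, &buf, &n) == ERROR_SUCCESS ? (free(buf), 0) : 1;
}
```

With `tolerant=0` the caller surfaces error 234 from the non-compliant provider, which corresponds to the exception text reported in this thread; the size cap keeps a misbehaving provider from driving an arbitrary allocation.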


  • peter cli

    I have a similar problem. I use the code from an example:
    ...
    CspParameters csp = new CspParameters(1, "Siemens Card API CSP");
    csp.Flags = CspProviderFlags.UseDefaultKeyContainer;

    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
    ...


    and I receive the following exception in VS 2005:

    Unhandled Exception: System.Security.Cryptography.CryptographicException: Invalid type specified.

    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
    at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
    at dbsectest.SCSign.Main(String[] args) in d:\work\dbsectest\Program.cs:line 91


    In VS 2003 it works fine.


  • tim2

    Hello,

    I created two examples to find a solution for this exception:

    Example #1

    int certPositionInStore = 1;
    X509Store storeMy = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    X509Certificate2 x509Cert = null; // initialized so the later use compiles
    int iCount = 0;

    storeMy.Open(OpenFlags.ReadOnly);

    // Read certificates
    foreach (X509Certificate2 foundcert in storeMy.Certificates)
    {
        if (certPositionInStore == iCount)
        {
            x509Cert = foundcert;
            break;
        }
        iCount++;
    }

    storeMy.Close();
    storeMy = null;

    // rsa and encryptBytesBuffer are declared elsewhere in the program
    AsymmetricAlgorithm privateKey = new X509Certificate2(x509Cert).PrivateKey;
    rsa = (RSACryptoServiceProvider)privateKey;
    byte[] decryptedBytesBuffer = rsa.Decrypt(encryptBytesBuffer, false);

    Example #2

    int certPositionInStore = 1;
    X509Store storeMy = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    X509Certificate2 x509Cert = null; // initialized so the later use compiles
    int iCount = 0;

    storeMy.Open(OpenFlags.ReadOnly);

    // Read certificates
    foreach (X509Certificate2 foundcert in storeMy.Certificates)
    {
        if (certPositionInStore == iCount)
        {
            x509Cert = foundcert;
            break;
        }
        iCount++;
    }

    storeMy.Close();
    storeMy = null;

    string CspName, KeyContName;

    // CryptoAPI CertGetCertificateContextProperty function to get Key Container Name and CSP Name
    WinCapi._GetLastLoadetCertContextProperty(x509Cert.Handle, out CspName, out KeyContName);

    const int PROV_RSA_FULL = 1;
    CspParameters CSPParam = new CspParameters(PROV_RSA_FULL, CspName);
    CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
    CSPParam.KeyContainerName = KeyContName;

    // rsa and encryptBytesBuffer are declared elsewhere in the program
    rsa = new RSACryptoServiceProvider(CSPParam);
    byte[] decryptedBytesBuffer = rsa.Decrypt(encryptBytesBuffer, false);

    In these two examples I receive the same exception:

    {System.Security.Cryptography.CryptographicException: Invalid type specified.

    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
    at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID)
    at System.Security.Cryptography.RSACryptoServiceProvider.get_KeySize()
    at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
    at EnryptUtil.RSA.Decrypt.RsaDecrypt(X509Certificate2 DecryptCertificate)

    in VS2003 and Framework 1.1 no errors.

