Sign a XML file by SmartCard on the .NET

Hot Topic

What's the value of short-lived thread to be use them in thread pooling?
Playing a movie from Memory
Performance test - Web Services vs. .NET Remoting
Packaging applications
How to determine if a lease time expires (on the remote object)
Type Initializer therw an exception
Must Framework be installed?
Gridview headers display "A" character when htmlencode=false and htmltextwriter is used
Finally not called unless exception caught outside?
Class Library Protection

.NET Development

Web Service Soap exception related to SQL Server 2005 DB access
Arguments for Console Application
How to get the ip address of a printer?
How to create a single instance Data set?
BindingSource and Web Services
Zip files in c#
MSMQ Serializable Hashtable subclass causes a hang when extracting Message.Body
delegates and event (=? +=?)
Setup project uninstall issue
Creating a remoting poxy for interface with generic types

Sign a XML file by SmartCard on the .NET

Ola ! Me chamo Andrei Johann, sou desenvolvedor .NET, e estamos tendo um problema no desenvolvimento em um software de assinatura de arquivos .xml utilizando a plataforma .NET Framework 2.0.
A problematica e a seguinte:
Necessitamos assinar arquivos .xml a partir de um certificado selecionado do STORE de certificados do usuario da maquina.
Para isto estamos utilizando as classes X509Store para buscar os certificados do CurrentUser e instanciar o certificado selecionado em um objeto do tipo X509Certificate2. Ambas as classes pertencem ao namespace System.Security.Cryptography.X509Certificates . A assinatura do arquivo .xml e efetuada utilizando a classe SignedXml pertencente ao namespace System.Security.Cryptography.Xml . A assinatura e feita utilizando a chave privada do certificado. X509Certificate2.PrivateKey . Tudo funciona perfeitamente, com a excessao de quando o certificado selecionado se encontra em um smartCard....Estamos usando um cartao e-CPF emitido pela AC SERASA SRF e uma leitora da PERTO. Ao conectar a leitora e inserir o cartao e-CPF o certificado e adicionado automaticamente no STORE de certificados PESSOAL do usuario, sendo que o certificado possui uma chave particular. O certificado entao e buscado do STORE atraves da classe X509Store e instanciado no objeto X509Certificate2 normalmente, bem como a propriedade HasPrivateKey do objeto X509Certificate2 retorna o valor True. O problema ocorre quando e acessada a propriedade PrivateKey do objeto X509Certificate2, retorna a seguinte excessao: [ System.Security.Cryptography.CryptographicException: Existem mais dados disponiveis ] . Esse problema ocorre apenas quando e lida a propriedade PrivateKey utilizado um certificado que esta no smartcard...
Se alguem puder dar uma luz ....

Answer this question

Sign a XML file by SmartCard on the .NET

  • Andreas Hardt

    Use the following code:

    CspParameters CSPParam = new CspParameters();
    CSPParam.KeyContainerName = "MY";
    CSPParam.ProviderName = DATAKEY_RSA_SCARD_PROV; //Smart card CSP

    //"Datakey RSA CSP"
    CSPParam.ProviderType = (int)CryptoCom.PROV_RSA_FULL;
    CSPParam.KeyNumber = 2; // (int)KeyNumber.Signature;
    RSACryptoServiceProvider Key = new RSACryptoServiceProvider(CSPParam);

    If you want a complete example about the full code visit:

    http://www.dotnet247.com/247reference/a.aspx u=http://www.kbalertz.com/Feedback_320602.aspx

    BUT you have to run that code on .net 1.1 that means Visual Studio 2003,
    otherwise     you will get the same problem.

    Hope it helps.

  • bcn

    Sign a XML file by SmartCard on the .NET

    I'm having problems to access the private key of the certificate stored on the chip card.

    If i access the private key of a certificate with private key stored on the machine certificate store it works well.....but in the case of the chip card, when i read the X509Certificate2.PrivateKey property, i receive a System.Security.Cryptography.CryptographicException: There are more data available.

    If some of you discover something about it, please post here !

    thanks !!!

    application sample:


    // Open the My certificate store.
    X509Store storeMy = new X509Store(StoreName.My,
    StoreLocation.CurrentUser);
    storeMy.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certs=X509Certificate2UI.SelectFromCollection
    (storeMy.Certificates, "Selection", "Select a certificate",
    X509SelectionFlag.SingleSelection);
    X509Certificate2 cert=certs[0];
    storeMy.Close();

    // Returns TRUE
    cert.HasPrivateKey;

    /* Here i receive a System.Security.Cryptography.CryptographicException: There are more data available. (It occurs only when i am accessing the private key of the certificate stored on the chip card...if the certificate with private key is stored on the machine certificate store it works well..)*/
    cert.PrivateKey;

  • asanhaji spegase

    Hi Andrei,

    Smart cards are generally designed such that you cannot get the private key off of them. Instead, you need to do the cryptographic operation directly on the card. While the X509Certificate2 PrivateKey property generally plays well with these cards (it will not try to pull the key off the card directly), depending on the smart card Crytpographic Service Provider, it may even reject this type of opening.

    -Shawn



  • Sign a XML file by SmartCard on the .NET
Answer this question