Hi,
I want to decrypt data using a private key stored on a Smart Card. I want to disable raising a dialog asking for a PIN. Here is my sample code:
CspParameters cspp = new CspParameters();
cspp.KeyContainerName = "MyKeyContainer";
cspp.ProviderName = "Schlumberger Cryptographic Service Provider";
// My Smart Card PIN is "1111"
System.Security.SecureString ss = new System.Security.SecureString();
ss.AppendChar('1');
ss.AppendChar('1');
ss.AppendChar('1');
ss.AppendChar('1');
cspp.KeyPassword = ss;
cspp.Flags = CspProviderFlags.NoPrompt;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspp);
// enc holds the encrypted bytes
string reth = Encoding.UTF8.GetString(rsa.Decrypt(enc, false));
Why does it not work? The Crypto Svc provider throws an error "Incorrect PIN", but I'm SURE that this PIN is correct.
When I remove the line:
cspp.Flags = CspProviderFlags.NoPrompt;
then provider raises a dialog asking for a pin.
Please help me, how can I set the PIN programmatically to disable raising a dialog asking for a PIN?
Thanx a lot!
Fipil.

How can I set PIN programmatically to disable raising a dialog asking for a smart card pin?
KlausWiesel
It still doesn't work when executing the line:
signedXml.SigningKey = cert.PrivateKey;
I got the same "nice" error "There are more data available".
Have you run the sample on a cert that points to a private key stored on a smart card?
Oh my goodness, how difficult it is to solve this issue!!! Thanks once more for your support. Any other idea?
The little padavan.
Kered
Yes, I have run the sample on a cert that points to a private key stored on a smart card.
Check that you have installed the correct Cryptography Service Provider (CSP). Most smartcard vendors distribute their own software with a CSP written especially for that smart card. If you have any other software which is using your smart card, try running it. Does it work correctly? The error message may be generated by the CSP you are using (written by the smartcard vendor), so ask the vendor for the CSP reference documentation to understand the error.
Sumit Ray
But what if I want to use the private key stored in the smartcard, for instance to create a signature?
Actually what I would like to do is to create a SignedXML signature using a key stored in a smart card.
Any idea? Sorry for asking you again but among all the forums where I asked, up to now you are the only one who knew the answer.
Thanks again Fipil.
newuseroverhere
Just one question, are you using .NET 2.0 or 1.1? Because I have found this interesting post:
http://www.hightechtalks.com/t2327997-rsacryptoserviceprovider-throw-exception-on-net-20.html
Anyway, thanks a lot for your help, you have been really kind trying to find out a solution to my problem. Whenever you come to Barcelona you will have a beer paid :-)
cu Fipil
Myself-Me
By the way, how do you access a key stored in the smart card?
I'm trying to sign using a key stored in a smartcard and I'm going crazy. I use the following code:
CspParameters csp = new CspParameters(1, "SafeSign CSP Version 1.0");
csp.KeyNumber = 1;
csp.KeyContainerName = "86332793-9965-41e2-9fff-6ce481e86889";
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
But then I get the error "More info is available". What's that? If I do not specify any container name then the constructor doesn't complain, but when specifying a container name then I get the exception.
Any idea? Any help will be really appreciated!
Thanks in advance
Michael Feingold
Is it fixed? If not, anyone got any bypass? Really need to know.
Thanks.
LordKrishna
This is a bug in the .NET Framework. See here for more info: http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=5c46bf4a-2a0b-4e3d-9c81-e0b014ada229
BTW answer: I'm not accessing the key directly, I'm using the X509 certificate, which is stored on smart card with private key. For example, for encrypting I'm using this code:
public static byte[] EncryptByCertPBK(X509Certificate2 cert, string msg)
{
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
    byte[] textBytes = Encoding.UTF8.GetBytes(msg);
    byte[] reth = rsa.Encrypt(textBytes, false);
    return reth;
}
When a SmartCard is inserted into the reader, the default X509 certificate is loaded and stored into the personal certificates store. From this store you can select the certificate by
X509Certificate2UI.SelectFromCollection(...)
method and pass to EncryptByCertPBK(...) as a parameter.
Hope this helps.
Fipil.
Ljubica
Did you ever get his problem resolved with the keypassword parameter?
We are experiencing the same problem and have not found a cure, any help or guidance would be appreciated.
Thanks
Martin
durstin
Unfortunately I don't have any experience with signing an XML file, but for signing a byte array I'm using the SignedCms and the CmsSigner classes. I'm using the X509 certificate as in the preceding example.
See the .NET Framework 2.0 reference for more info about the SignedCms and CmsSigner classes. Look at: http://msdn2.microsoft.com/en-us/library/ms180955.aspx
Here you are an example:
Here you are an example for verifying the signature:
public static bool VerifySignedMsg(byte[] encodedSignature, byte[] msg, bool detached)
{
    SignedCms signedCms;
    if (detached)
    {
        ContentInfo contentInfo = new ContentInfo(msg);
        signedCms = new SignedCms(contentInfo, true);
    }
    else
        signedCms = new SignedCms();
    signedCms.Decode(encodedSignature);
    // Catch a verification exception if you want to
    // advise the message recipient that
    // security actions might be appropriate.
    try
    {
        // Verify signature. Do not validate signer
        // certificate for the purposes of this example.
        // Note that in a production environment, validating
        // the signer certificate chain will probably
        // be necessary.
        Console.Write("Checking signature on message ... ");
        signedCms.CheckSignature(true);
        Console.WriteLine("Done.");
    }
    catch (System.Security.Cryptography.CryptographicException e)
    {
        Console.WriteLine("VerifyMsg caught exception: {0}",
            e.Message);
        Console.WriteLine("Verification of the signed PKCS #7 " +
            "failed. The message, signatures, or " +
            "countersignatures may have been modified " +
            "in transit or storage. The message signers or " +
            "countersigners may not be who they claim to be. " +
            "The message's authenticity or integrity, " +
            "or both, are not guaranteed.");
        return false;
    }
    return true;
}
Hope this helps.
Fipil
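An added example, not part of the original post or of the MSDN sample: a detached SignedCms sign-and-verify round trip that shows what the detached flag and CheckSignature(true) versus CheckSignature(false) change. It assumes a .NET version that has CertificateRequest (.NET Framework 4.7.2 or later, or .NET Core with the System.Security.Cryptography.Pkcs package); the class name, the throwaway self-signed certificate standing in for the smart-card certificate, and the sample messages are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class DetachedCmsExample // hypothetical name, not from the thread
{
    // Produce a detached PKCS #7 signature over msg with the certificate's private key.
    public static byte[] SignDetached(byte[] msg, X509Certificate2 cert)
    {
        SignedCms cms = new SignedCms(new ContentInfo(msg), true); // true = detached
        CmsSigner signer = new CmsSigner(cert);
        signer.IncludeOption = X509IncludeOption.EndCertOnly;      // embed the signer cert only
        cms.ComputeSignature(signer);
        return cms.Encode();
    }

    // Verify sig against the content the caller holds.
    // signatureOnly = false additionally validates the signer certificate chain.
    public static bool VerifyDetached(byte[] sig, byte[] msg, bool signatureOnly)
    {
        SignedCms cms = new SignedCms(new ContentInfo(msg), true);
        try
        {
            cms.Decode(sig);
            cms.CheckSignature(signatureOnly);
            return true;
        }
        catch (CryptographicException) { return false; } // bad blob, altered content or rejected signer
    }

    public static void Main()
    {
        // Constructed stand-in for the smart-card certificate: a throwaway self-signed cert.
        using (RSA key = RSA.Create(2048))
        {
            CertificateRequest req = new CertificateRequest("CN=Constructed Test Signer", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            {
                byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");
                byte[] altered = Encoding.UTF8.GetBytes("constructed sample messagE");
                byte[] sig = SignDetached(msg, cert);
                Console.WriteLine("original, signature only: " + VerifyDetached(sig, msg, true));
                Console.WriteLine("altered, signature only:  " + VerifyDetached(sig, altered, true));
                Console.WriteLine("original, with chain:     " + VerifyDetached(sig, msg, false));
            }
        }
    }
}
```

With a certificate selected from the personal store, pass that certificate to SignDetached instead of the self-signed one. The chain-validating check accepts a signer only when its certificate chains to a root the verifying machine trusts.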
John Doyle
Pepegotilaioter,
the SignedXml.SigningKey property is of the AsymmetricAlgorithm type. Because of it, you can assign the X509Certificate2.PrivateKey property to it from a certificate stored on a SmartCard.
Here you are a sample:
// Sign an XML file and save the signature in a new file. This method does not
// save the public key within the XML file. This file cannot be verified unless
// the verifying code has the key with which it was signed.
public void SignDetachedResource(string URIString, string XmlSigFileName, X509Certificate2 cert)
{
    // Create a SignedXml object.
    SignedXml signedXml = new SignedXml();
    // Assign the key to the SignedXml object.
    signedXml.SigningKey = cert.PrivateKey;
    // Create a reference to be signed.
    Reference reference = new Reference();
    // Add the passed URI to the reference object.
    reference.Uri = URIString;
    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);
    // Compute the signature.
    signedXml.ComputeSignature();
    // Get the XML representation of the signature and save
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    // Save the signed XML document to a file specified
    // using the passed string.
    XmlTextWriter xmltw = new XmlTextWriter(XmlSigFileName, new UTF8Encoding(false));
    xmlDigitalSignature.WriteTo(xmltw);
    xmltw.Close();
}
I tested this sample now, and it works, so hope this helps.
FipilSkyWalker
Jens Stjarna
I too have found this problem. Has anyone discovered a workaround or fix for the issue?
BradWest
The problem with SignedXML is that the parameter needed to sign is the key itself and not a cert (like in the SignedCMS sample you provided me). And here I come to the same problem again, I don't know how to access the private key. In the X509Certificate2 there is the PublicKey.Key object but not the PrivateKey.Key (for security reasons I guess). Any idea how to work around this?
Sorry for asking and asking and asking, but currently you are my last hope ( like LukeSkyWalker in StarWars :-) ).
Thanks Fipil.
VishalR
I'm using .net 2.0.
Thanks for invitation, I like beer.
Bye!
Fipil
AtlzBIGuru
Hi Fipil,
Unfortunately, it looks to me like this is a bug in the CLR. I'll enter it into our bug database, and we'll look at fixing it for the next version. If you would like to file a bug on the MSDN product feedback center, you'll also be able to track its progress.
-Shawn