Hi all,
I'm trying to access a private key (X509 certificate) stored in a smartcard (Gemplus GemSAFE Card CSP), but I always get the same error:
System.Security.Cryptography.CryptographicException: Hay mas datos disponibles. (In English, "More info is available")
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
I use the following code:
-> (using WSE 2.0 in vs2003)
' Open the store
Dim almacen As X509CertificateStore = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore)
almacen.OpenRead()
' Take the first certificate
Dim miCert As X509Certificate = almacen.Certificates(0)
' Release the store
almacen.Close()
almacen = Nothing
' Access the private key
MsgBox(miCert.Key.ToXmlString(False),MsgBoxStyle.Information,"Informacion de la clave privada")
-> (using WSE 3.0 in vs2005):
' Open the store
Dim almacen As System.Security.Cryptography.X509Certificates.X509Store = New System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.My)
almacen.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly)
' Take the first certificate
Dim miCert As X509Certificate2 = almacen.Certificates(0)
' Release the store
almacen.Close()
almacen = Nothing
' Access the private key
MsgBox(Microsoft.Web.Services3.Security.X509.X509Util.GetKey(miCert).ToXmlString(False),MsgBoxStyle.Information,"Informacion de la clave privada")
In both cases in the last line I get the same error. What's that?
Any idea?
Thanks in advance

Access to a smartcard private key
a_subscriber
Tilfried Weissenberger
Exo_23
When I use the WSE 2.0 in vs2003 with the code:
' Open the store
Dim almacen As X509CertificateStore = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore)
almacen.OpenRead()
' Take the first certificate
Dim miCert As X509Certificate = almacen.Certificates(0)
' Release the store
almacen.Close()
almacen = Nothing
' Access the private key
MsgBox(miCert.Key.ToXmlString(False),MsgBoxStyle.Information,"Informacion de la clave privada")
it works fine, but when I try to use the key to sign an XML:
Dim xmlFirmado As New SignedXml
Dim ref As New System.Security.Cryptography.Xml.Reference
Dim key As System.Security.Cryptography.RSA
key = miCert.Key
ref.Uri = "#Mensaje"
Dim obj As DataObject = New DataObject
' docXml is the message
obj.Data = docXml.ChildNodes
obj.Id = "Mensaje"
xmlFirmado.AddObject(obj)
xmlFirmado.AddReference(ref)
Dim infKey As New System.Security.Cryptography.Xml.KeyInfo
infKey.AddClause(New System.Security.Cryptography.Xml.KeyInfoX509Data(miCert))
xmlFirmado.KeyInfo = infKey
xmlFirmado.SigningKey = key
xmlFirmado.ComputeSignature()
I receive a different error in the ComputeSignature() invocation:
System.NotSupportedException: DecryptValue
at Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.DecryptValue(Byte[] ciphertext)
at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
Sorry for my mistake.
LLam
Someone else had the same problem and found a solution: http://www.codecomments.com/archive375-2005-5-397314.html
s0r3n
System.Security.Cryptography.CryptographicException: Hay mas datos disponibles. (In english, "More info is available")
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
Thanks anyway.
More ideas please.
Sampy MSFT
I'll try another way to sign the XML message:
Const PROV_RSA_FULL As Integer = 1
Dim CSPParam As New System.Security.Cryptography.CspParameters()
CSPParam.KeyContainerName = " "
CSPParam.ProviderName = "Gemplus GemSAFE Card CSP v1.0"
CSPParam.ProviderType = PROV_RSA_FULL
CSPParam.KeyNumber = 2 ''Signature
Dim rsaCSP As New System.Security.Cryptography.RSACryptoServiceProvider(CSPParam)
....
I have two Gemplus smartcard readers connected to my computer. How can I select which reader I want to use?
I think I must use the "KeyContainerName" property of the CspParameters object, but I don't know where to find that information.
If anyone can help me I'll be very pleased.
EW
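
The last post asks where the KeyContainerName value comes from. As an added example (not code from any poster in this thread), the following reads the provider name, container name and key number that Windows stores with each certificate in the My store, through the CERT_KEY_PROV_INFO_PROP_ID certificate property, without opening the key on the card. The module and function names are hypothetical, and it is an assumption that the Gemplus CSP registers this property for the card's certificates.

```vb
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module KeyProvInfoExample   ' hypothetical name, added example
    Const CERT_KEY_PROV_INFO_PROP_ID As Integer = 2   ' value from wincrypt.h
    ' Managed mirror of the native CRYPT_KEY_PROV_INFO structure.
    <StructLayout(LayoutKind.Sequential)> _
    Structure CRYPT_KEY_PROV_INFO
        <MarshalAs(UnmanagedType.LPWStr)> Public pwszContainerName As String
        <MarshalAs(UnmanagedType.LPWStr)> Public pwszProvName As String
        Public dwProvType As Integer
        Public dwFlags As Integer
        Public cProvParam As Integer
        Public rgProvParam As IntPtr
        Public dwKeySpec As Integer
    End Structure

    <DllImport("crypt32.dll", SetLastError:=True)> _
    Function CertGetCertificateContextProperty(ByVal pCertContext As IntPtr, ByVal dwPropId As Integer, ByVal pvData As IntPtr, ByRef pcbData As Integer) As Boolean
    End Function

    ' Returns CspParameters built from the stored property, or Nothing when the
    ' certificate carries no key-provider info. The key itself is never opened.
    Function CspParametersFor(ByVal cert As X509Certificate2) As CspParameters
        Dim size As Integer = 0
        ' First call with a null buffer only reports the required size.
        If Not CertGetCertificateContextProperty(cert.Handle, CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, size) Then Return Nothing
        Dim buffer As IntPtr = Marshal.AllocHGlobal(size)
        Try
            If Not CertGetCertificateContextProperty(cert.Handle, CERT_KEY_PROV_INFO_PROP_ID, buffer, size) Then Return Nothing
            Dim info As CRYPT_KEY_PROV_INFO = CType(Marshal.PtrToStructure(buffer, GetType(CRYPT_KEY_PROV_INFO)), CRYPT_KEY_PROV_INFO)
            Dim csp As New CspParameters(info.dwProvType, info.pwszProvName, info.pwszContainerName)
            csp.KeyNumber = info.dwKeySpec   ' 1 = exchange, 2 = signature
            Return csp
        Finally
            Marshal.FreeHGlobal(buffer)
        End Try
    End Function

    Sub Main()
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly)
        For Each cert As X509Certificate2 In store.Certificates
            Dim csp As CspParameters = CspParametersFor(cert)
            If csp IsNot Nothing Then Console.WriteLine("{0}: provider='{1}' container='{2}' keyNumber={3}", cert.Subject, csp.ProviderName, csp.KeyContainerName, csp.KeyNumber)
        Next
        store.Close()
    End Sub
End Module
```

The printed container name identifies a key on a card, not a reader; how a given CSP maps a container to one of several readers is provider-specific and is not settled by this thread.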