Hello!
I am not sure in which forum this question fits best, so I post it in the General section. I don't mind if you move it to another place where it fits better.
I need to access Cryptographic Tokens that contain Certificates like USB sticks or SmartCards (I need "only" read access).
It looks like there are (at least) two ways to do this:
- PKCS#11 (also known as cryptoki)
- CAPI (Cryptographic API)
I can't find information or examples about PKCS#11 in .NET. Isn't this implemented in .NET 2.0 / VS 2005?
CAPI seems to be a "thing" from Microsoft. Can I use this to access USB sticks and SmartCards? Is it implemented in .NET 2.0 / VS 2005 or is it some separate product / library?
Are there other ways than PKCS#11 and CAPI to access Cryptographic Tokens?
Which way does Microsoft suggest for C# under .NET 2.0 / VS 2005?
Best regards
CSharpNewbie22

Accessing Cryptographic Tokens
Roshan_wp
The special chip in the stick is a smart card and a smart card reader in one...
Blair Allen Stark
Thanks for your answer, it was helpful. But only for 50% of my question :)
And you are right, I want to access the certificate on the SmartCard or USB-Stick.
How is it with USB-Sticks that have certificates on them (sticks that have special chips on them, so the certificate doesn't have to leave the stick)? How do I access them? Is it easier than accessing a SmartCard? Or is it basically the same?
In other words: Is there a Standard to access such sticks and is it implemented in .NET 2.0 / VS 2005?
Best regards
CSharpNewbie22
SRAitken
CAPI is the Windows Crypto API; many of the .NET crypto classes are simply wrappers around it. (Any class that ends in CryptoServiceProvider uses CAPI under the hood -- for instance RSACryptoServiceProvider).
What you're trying to do is access the keys stored in the smart card, correct? As has been pointed out elsewhere in this thread, SmartCards are vendor specific; however, if the vendor has supplied a CryptoServiceProvider that can access the smart card, you can then use CAPI (and thus the CryptoServiceProvider classes) to get at them.
Assuming that the keys are RSA keys, you would create an RSACryptoServiceProvider object passing in a CspParameters object which contains the name of the smart card CSP in its ProviderName field, and the name or number of the key container holding the key in its KeyContainerName or KeyContainerNumber field.
You'll need to either experiment or consult the documentation for the smart card CSP in order to determine what the appropriate names and numbers are, however.
-Shawn
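The approach described in the post above, as an added example that is not part of the original thread: it opens an existing RSA key through a vendor CSP and reads only the public part. The provider and container names are placeholders to be replaced with values from the smart card CSP's documentation; in `CspParameters` the key number is set through the `KeyNumber` property.

```csharp
using System;
using System.Security.Cryptography;

class SmartCardKeyReader
{
    // Placeholders (assumptions): take the real values from the vendor's CSP documentation.
    const string ProviderName = "<smart card CSP name>";
    const string ContainerName = "<key container name>";
    const int ProvRsaFull = 1; // PROV_RSA_FULL provider type

    static void Main()
    {
        CspParameters csp = new CspParameters(ProvRsaFull, ProviderName, ContainerName);
        csp.KeyNumber = (int)KeyNumber.Exchange;

        // Without this flag a wrong container name makes the CSP generate a
        // brand-new key pair instead of failing, which hides the mistake.
        csp.Flags = CspProviderFlags.UseExistingKey;

        try
        {
            // The CSP may show its own PIN dialog at this point.
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp))
            {
                CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                Console.WriteLine("Provider:        " + info.ProviderName);
                Console.WriteLine("Container:       " + info.KeyContainerName);
                Console.WriteLine("Hardware device: " + info.HardwareDevice);
                Console.WriteLine("Removable:       " + info.Removable);

                // Read access only: export the public parameters.
                // The private key stays on the token.
                RSAParameters pub = rsa.ExportParameters(false);
                Console.WriteLine("Modulus bits:    " + (pub.Modulus.Length * 8));
                Console.WriteLine("Exponent:        " + BitConverter.ToString(pub.Exponent));
            }
        }
        catch (CryptographicException ex)
        {
            // Typical causes: wrong provider or container name, no card
            // inserted, or PIN entry cancelled.
            Console.WriteLine("CSP could not open the key: " + ex.Message);
        }
    }
}
```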
PetterA
What do you want?
Smart cards are comparable to webservers serving services; luckily there are some standards, ask your vendor. To read the contents of a smart card you will most likely need (at least) the following steps:
1) Turn on the power of the smartcard
2) Identify yourself by Verifying PIN
3) Select the file you want to read (using a "user"-pin you are unlikely to have much rights)
4) Read the contents
Points 2-4 are done by sending APDUs, preferably with WINAPI SCardTransmit (use MSDN). I expect most vendors require secure communication by now (to stop replay-attacks). This will seriously complicate matters, as if it wasn't hard enough.
You are likely to (physically) lock/destroy many, many cards developing your application. I know I have, anyway. Still, if you see your smart card listed (or something with a similar name) in registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\..., this might indicate that it is possible (done by a CSP, maybe).
This is not easy.
You need specifications for your particular smartcard. If you get specifications, you will find them hard to read and filled with ambiguous information. That is my experience, anyway.
Good luck, and happy carding.
Hassan Ghanem
If you do the low-level smart card stuff, this might be a good start when you get to the point of communicating with cards, exchanging bytes.
http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx
But I would set off a couple of months to get good at smart cards.
Low-level programming background, possibly embedded experience is helpful if you want to learn these things.
Happy bitfickling (bitfickling is not really a word, I think)
net
Ah, thanks :)
That makes sense!
@Shawn
Also thanks for your help.
Best regards
CSharpNewbie22