Reputation: 973
I read this post on how to sign a file with the BouncyCastle DLL in C#, and I would like to know if it is possible to find some support for certificates stored on a smartcard.
What I'm trying to do is create a CAdES P7M, but it seems impossible to find any documentation, .NET classes or free library.
Upvotes: 1
Views: 4356
Reputation: 21
I used DSS.NET with this code:
    using System;
    using System.IO;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using EU.Europa.EC.Markt.Dss;
    using EU.Europa.EC.Markt.Dss.Signature;
    using EU.Europa.EC.Markt.Dss.Signature.Cades;
    using EU.Europa.EC.Markt.Dss.Signature.Token;

    private static void SignP7M(X509Certificate2 card, string sourcepath)
    {
        var service = new CAdESService();
        // Creation of MS CAPI signature token
        var token = new MSCAPISignatureToken { Cert = card };
        var parameters = new SignatureParameters
        {
            SignatureAlgorithm = SignatureAlgorithm.RSA,
            SignatureFormat = SignatureFormat.CAdES_BES,
            DigestAlgorithm = DigestAlgorithm.SHA256,
            SignaturePackaging = SignaturePackaging.ENVELOPING,
            SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
            SigningDate = DateTime.UtcNow
        };
        var toBeSigned = new FileDocument(sourcepath);
        // Compute the data to be signed, sign it with the card's key, then build the CAdES document
        var iStream = service.ToBeSigned(toBeSigned, parameters);
        var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);
        var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);
        var dest = sourcepath + ".p7m";
        if (File.Exists(dest)) File.Delete(dest);
        // Dispose both streams so the .p7m is flushed and closed even if the copy throws
        using (var signedStream = signedDocument.OpenStream())
        using (var fout = File.OpenWrite(dest))
        {
            signedStream.CopyTo(fout);
        }
    }
You can get the card in two ways; here are the samples:
    // Look the certificate up by serial number in the current user's personal store
    public static X509Certificate2 GetCertificate(string _certSn)
    {
        // select the signing token
        var st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        st.Open(OpenFlags.ReadOnly);
        var col = st.Certificates;
        var card = col.Cast<X509Certificate2>().FirstOrDefault(t => t.SerialNumber == _certSn);
        st.Close();
        return card;
    }

    // Let the user pick the certificate from the standard Windows selection dialog
    public static X509Certificate2 selectCert(StoreName store, StoreLocation location, string windowTitle, string windowMsg)
    {
        X509Certificate2 certSelected = null;
        X509Store x509Store = new X509Store(store, location);
        x509Store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col = x509Store.Certificates;
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, windowTitle, windowMsg, X509SelectionFlag.SingleSelection);
        if (sel.Count > 0)
        {
            X509Certificate2Enumerator en = sel.GetEnumerator();
            en.MoveNext();
            certSelected = en.Current;
        }
        x509Store.Close();
        return certSelected;
    }
Upvotes: 2
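An added example, not part of the answer above and not DSS.NET code: one way to check the .p7m that SignP7M writes, using the framework's own SignedCms class. It assumes the file is DER-encoded, that the signer's chain can be validated from this machine's trust store, and that System.Security.Cryptography.Pkcs is referenced; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;

// Added example: verifies a .p7m produced with the parameters used in SignP7M
// (CAdES_BES, SHA256, ENVELOPING). P7mCheck / VerifyP7m are hypothetical names.
public static class P7mCheck
{
    // ESS signing-certificate attributes; CAdES-BES requires one of them so the
    // signature is bound to one specific certificate.
    const string EssSigningCertV1 = "1.2.840.113549.1.9.16.2.12";
    const string EssSigningCertV2 = "1.2.840.113549.1.9.16.2.47";
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Returns the enveloped content; throws CryptographicException on any failure.
    public static byte[] VerifyP7m(string p7mPath)
    {
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(p7mPath)); // expects DER, not Base64/PEM

        if (cms.SignerInfos.Count == 0)
            throw new CryptographicException("No signer present in " + p7mPath);

        // false = verify the signature value AND validate each signer's chain.
        cms.CheckSignature(false);

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            if (signer.DigestAlgorithm.Value != Sha256Oid)
                throw new CryptographicException(
                    "Unexpected digest algorithm: " + signer.DigestAlgorithm.Value);

            // A plain PKCS#7 signature passes CheckSignature but lacks this attribute.
            bool boundToCert = signer.SignedAttributes
                .Cast<CryptographicAttributeObject>()
                .Any(a => a.Oid.Value == EssSigningCertV1 ||
                          a.Oid.Value == EssSigningCertV2);
            if (!boundToCert)
                throw new CryptographicException(
                    "Signed signing-certificate attribute is missing: not CAdES-BES.");

            Console.WriteLine("Valid signature by: " + signer.Certificate.Subject);
        }
        return cms.ContentInfo.Content;
    }
}
```

The signing-certificate attribute is what separates CAdES-BES from a plain PKCS#7 signature, so a file that passes CheckSignature but fails that test was not produced with SignatureFormat.CAdES_BES.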
Reputation: 41
You can also try this C# ported version of a European Commission initiative:
It supports CAdES. Try using the MSCAPISignatureToken and the guide in the CookBook.
Upvotes: 4
Reputation: 46060
If the smartcard is mapped to Windows Certificate storage, then you can use certificates available via CryptoAPI. If the smartcard is available via PKCS#11, you can use PKIBlackbox package of our SecureBlackbox product to use it. Also PKIBlackbox supports CAdES format, not just PKCS#7/CMS.
Upvotes: -1