Maske
Reputation: 864
X509Certificate2 Access to a Private key into a security token
I must use a certificate stored in a Security token. I can access it from the windows certificate store, but the device has a password, so is displayed a pop-up with a input field.
This is the code who I use for load the certificate:
static X509Certificate2 BuscarCertificado
(StoreLocation location, StoreName name,
X509FindType findType, string findValue)
{
X509Store store = new X509Store(name, location);
try{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = store.Certificates.Find
(findType, findValue, true);
return col[0];
}
finally { store.Close(); }
}
The device is a ACS CryptoMate64 0.
Is possible send the password in the code for not display this message?
Thanks for any help
Upvotes: 3
Views: 4764
Answers (1)
pepo
Reputation: 8867
I don't have ACS CryptoMate64 0. But this code works with Siemens CardOS v4.3B (drivers CardOS API v5.2 build 15). You will have to check if it works for you too.
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
namespace SignWithToken
{
class Program
{
static void Main(string[] args)
{
// ------ select certificate for signing ---------
// open store
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.MaxAllowed);
// find cert by thumbprint
var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);
if (foundCerts.Count == 0)
return;
var certForSigning = foundCerts[0];
store.Close();
// -------- prepare private key with password --------
// prepare password
var pass = new SecureString();
for(var i=0;i<8;i++)
pass.AppendChar('1');
// take private key
var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
// make new CSP parameters based on parameters from current private key but throw in password
CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
privateKey.CspKeyContainerInfo.ProviderName,
privateKey.CspKeyContainerInfo.KeyContainerName,
null,
pass);
// make RSA crypto provider based on given CSP parameters
var rsaCsp = new RSACryptoServiceProvider(cspParameters);
// set modified RSA crypto provider back
certForSigning.PrivateKey = rsaCsp;
// ---- Sign -----
// prepare content to be signed
ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
SignedCms cms = new SignedCms(content);
// prepare CMS signer
CmsSigner signer = new CmsSigner(certForSigning);
// sign to PKCS#7
cms.ComputeSignature(signer);
// get encoded PKCS#7 value
var result = cms.Encode();
// ------ Verify signature ------
SignedCms cmsToVerify = new SignedCms();
// decode signed PKCS#7
cmsToVerify.Decode(result);
// check signature of PKCS#7
cmsToVerify.CheckSignature(true);
}
}
}
Upvotes: 5
Related Questions
- Associate a private key with the X509Certificate2 class in .net
- Adding a private key to X509Certificate2 - C#
- Add Private Key to X509Certificate
- .pem private key to X509Certificate2
- Associating an X509Certificate2 certificate with a private key in .NET
- X509Certificate2: Access denined when decrypting with privatekey
- X509Certificate2 from store with private key
- Asp Mvc prompt client certificate with private key
- Private key is null when accessing via code, why?
- How to operate with X509 certificates in .NET code