如何以编程方式为 X509Certificate2 设置 PIN?
[英]How can I set PIN for a X509Certificate2 programmatically?
问题描述
I need to send data to a webservice everyday so I made a scheduled task that runs my code.
我需要每天将数据发送到网络服务,所以我制定了一个运行我的代码的计划任务。 The problem is the webservice requires a certificate with a PIN code.问题是网络服务需要带有 PIN 码的证书。 I have attached the certificate but I can't find a way to set the PIN to it, therefor it shows a popup everytime to enter it manually.我已附上证书,但找不到设置 PIN 的方法,因此每次手动输入时它都会显示一个弹出窗口。
Here is my code for the certificate:这是我的证书代码:
private void SendData(string data)
{
using (SerWSService webService = new SerWSService())
{
string certificateSN = "serial number for the certificate";
webService.ClientCertificates.Add(FindCertificate(certificateSN));
webService.SendData(data);
}
}
private X509Certificate2 FindCertificate(string certserial)
{
X509Certificate2 WPE_UserCert = null;
X509Store wstore = default(X509Store);
wstore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
wstore.Open(OpenFlags.ReadOnly);
var wcerts = wstore.Certificates;
foreach (var wcert in wcerts)
{
if (wcert.SerialNumber.ToUpper() == certserial.Replace(" ", "").ToUpper())
{
WPE_UserCert = wcert;
break;
}
}
wstore.Close();
if (WPE_UserCert != null)
{
//TO DO: add PIN code to certificate
}
return WPE_UserCert;
}
Is there any way I can set the PIN to the certificate?有什么办法可以将 PIN 设置为证书?
2 个解决方案
解决方案1
4 2017-03-06 16:27:45
No, because certificates don't have PINs;不,因为证书没有 PIN; (private) keys do. (私人)钥匙做。
If you are finding a certificate with a private key and you pass that certificate to a class that expects the unified pair (eg SslStream, HttpClient) then there's no real/good solution.如果您正在查找带有私钥的证书并将该证书传递给需要统一对的类(例如 SslStream、HttpClient),则没有真正/好的解决方案。
If you are using the private key yourself, you have some leeway:如果您自己使用私钥,则有一些回旋余地:
using (RSA rsa = cert.GetRSAPrivateKey())
{
RSACng rsaCng = rsa as RSACng;
RSACryptoServiceProvider rsaCsp = rsa as RSACryptoServiceProvider;
if (rsaCng != null)
{
// Set the PIN, an explicit null terminator is required to this Unicode/UCS-2 string.
byte[] propertyBytes;
if (pin[pin.Length - 1] == '\0')
{
propertyBytes = Encoding.Unicode.GetBytes(pin);
}
else
{
propertyBytes = new byte[Encoding.Unicode.GetByteCount(pin) + 2];
Encoding.Unicode.GetBytes(pin, 0, pin.Length, propertyBytes, 0);
}
const string NCRYPT_PIN_PROPERTY = "SmartCardPin";
CngProperty pinProperty = new CngProperty(
NCRYPT_PIN_PROPERTY,
propertyBytes,
CngPropertyOptions.None);
rsaCng.Key.SetProperty(pinProperty);
}
else if (rsaCsp != null)
{
// This is possible, but painful.
// Copy out the CspKeyContainerInfo data into a new CspParameters,
// build the KeyPassword value on CspParameters,
// Dispose() the existing instance,
// and open a new one to replace it.
//
// But if you really called GetRSAPrivateKey() and it has returned an RSACng for
// your device once, it pretty much will forever (until the next
// new RSA type for Windows is invented... at which point it still
// won't return an RSACryptoServiceProvider).
}
else
{
// No other built-in RSA types support setting a PIN programmatically.
}
// Use the key here.
// If you needed to return it, don't put it in a using :)
}
解决方案2
0 2021-05-18 09:26:31
在 CSP 私钥的情况下,使用CryptAcquireCertificatePrivateKey获取 CryptoProv 句柄,然后使用CryptSetProvParam(h,PP_SIGNATURE_PIN,pin,0)设置 PIN。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.