X509Certificate2 Access to a Private key into a security token
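I have to use a certificate stored in a security token. I can access it from the Windows certificate store, but the device has a password, so a popup window with an input field is displayed.
This is the code I use to load the certificate: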
    static X509Certificate2 BuscarCertificado
        (StoreLocation location, StoreName name,
        X509FindType findType, string findValue)
    {
        X509Store store = new X509Store(name, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection col = store.Certificates.Find
                (findType, findValue, true);
            return col[0];
        }
        finally { store.Close(); }
    }
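The device is an ACS CryptoMate64 0.
Is it possible to send the password in code rather than through this popup?
Thanks for your help

I don't have an ACS CryptoMate64 0, but this code works with Siemens CardOS v4.3B (driver CardOS API v5.2 build 15). You have to check whether it works for you too.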
    using System.Security;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;

    namespace SignWithToken
    {
        class Program
        {
            static void Main(string[] args)
            {
                // ------ select certificate for signing ---------
                // open store
                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                store.Open(OpenFlags.MaxAllowed);
                // find cert by thumbprint
                var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);
                if (foundCerts.Count == 0)
                    return;
                var certForSigning = foundCerts[0];
                store.Close();

                // -------- prepare private key with password --------
                // prepare password
                var pass = new SecureString();
                for (var i = 0; i < 8; i++)
                    pass.AppendChar('1');
                // take private key
                var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
                // make new CSP parameters based on parameters from current private key but throw in password
                CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
                    privateKey.CspKeyContainerInfo.ProviderName,
                    privateKey.CspKeyContainerInfo.KeyContainerName,
                    null,
                    pass);
                // make RSA crypto provider based on given CSP parameters
                var rsaCsp = new RSACryptoServiceProvider(cspParameters);
                // set modified RSA crypto provider back
                certForSigning.PrivateKey = rsaCsp;

                // ---- Sign -----
                // prepare content to be signed
                ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
                SignedCms cms = new SignedCms(content);
                // prepare CMS signer
                CmsSigner signer = new CmsSigner(certForSigning);
                // sign to PKCS#7
                cms.ComputeSignature(signer);
                // get encoded PKCS#7 value
                var result = cms.Encode();

                // ------ Verify signature ------
                SignedCms cmsToVerify = new SignedCms();
                // decode signed PKCS#7
                cmsToVerify.Decode(result);
                // check signature of PKCS#7
                cmsToVerify.CheckSignature(true);
            }
        }
    }