
X509Certificate2 Access to a Private key into a security token

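I have to use a certificate stored in a security token. I can access it from the Windows certificate store, but the device has a password, so a pop-up window with an input field is displayed.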

This is the code I use to load the certificate:

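using System;
using System.Security.Cryptography.X509Certificates;

// Looks up a certificate in the given Windows certificate store.
static X509Certificate2 BuscarCertificado
    (StoreLocation location, StoreName name, 
    X509FindType findType, string findValue)
{
    X509Store store = new X509Store(name, location);
    try{
        store.Open(OpenFlags.ReadOnly);

        // validOnly = true: return only certificates that pass validation
        X509Certificate2Collection col = store.Certificates.Find
            (findType, findValue, true);

        // fail with a clear error instead of an index exception when nothing matches
        if (col.Count == 0)
            throw new InvalidOperationException("Certificate not found: " + findValue);

        return col[0];
    }
    finally { store.Close(); }
}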

The device is an ACS CryptoMate64 0.

Is it possible to send the password in code so that this message is not displayed?

Thanks for your help

I don't have an ACS CryptoMate64 0, but this code works with Siemens CardOS v4.3B (driver CardOS API v5.2 build 15). You have to check whether it works for you too.

using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

namespace SignWithToken
{
    class Program
    {
        static void Main(string[] args)
        {
            // ------ select certificate for signing ---------
            // open store
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.MaxAllowed);

            // find cert by thumbprint
            var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);

            // close the store before any early return; the found certificates remain usable
            store.Close();

            if (foundCerts.Count == 0)
                return;

            var certForSigning = foundCerts[0];

            // -------- prepare private key with password --------
            // prepare password
            var pass = new SecureString();
            for(var i=0;i<8;i++)
                pass.AppendChar('1');

            // take private key (null if the key is not exposed as an RSA key through a CSP)
            var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
            if (privateKey == null)
                return;

            // make new CSP parameters based on parameters from current private key but throw in password
            CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
                privateKey.CspKeyContainerInfo.ProviderName,
                privateKey.CspKeyContainerInfo.KeyContainerName,
                null,
                pass);

            // make RSA crypto provider based on given CSP parameters
            var rsaCsp = new RSACryptoServiceProvider(cspParameters);

            // set modified RSA crypto provider back
            certForSigning.PrivateKey = rsaCsp;

            // ---- Sign -----
            // prepare content to be signed
            ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
            SignedCms cms = new SignedCms(content);

            // prepare CMS signer 
            CmsSigner signer = new CmsSigner(certForSigning);

            // sign to PKCS#7
            cms.ComputeSignature(signer);

            // get encoded PKCS#7 value
            var result = cms.Encode();

            // ------ Verify signature ------
            SignedCms cmsToVerify = new SignedCms();
            // decode signed PKCS#7
            cmsToVerify.Decode(result);

            // check signature of PKCS#7
            cmsToVerify.CheckSignature(true);
        }
    }
}
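
A variant of the PIN hand-off in the answer above, as an added example that is not part of the original answer: it reads the PIN from the console without echo instead of hard-coding it, and reopens the container with `UseExistingKey` and the original key number so a mismatched container fails rather than generating a new key pair. The names `TokenKey`, `ReadPin` and `OpenWithPin` are hypothetical; it assumes .NET Framework on Windows and an RSA key exposed through a CSP.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TokenKey
{
    // Hypothetical helper: read the PIN without echo, straight into a SecureString.
    public static SecureString ReadPin(string prompt)
    {
        Console.Write(prompt);
        var pin = new SecureString();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
        {
            if (k.Key == ConsoleKey.Backspace)
            {
                if (pin.Length > 0) pin.RemoveAt(pin.Length - 1);
            }
            else if (!char.IsControl(k.KeyChar))
            {
                pin.AppendChar(k.KeyChar);
            }
        }
        Console.WriteLine();
        pin.MakeReadOnly();
        return pin;
    }

    // Hypothetical helper: reopen the certificate's existing key container with the PIN attached.
    public static RSACryptoServiceProvider OpenWithPin(X509Certificate2 cert, SecureString pin)
    {
        var current = cert.PrivateKey as RSACryptoServiceProvider;
        if (current == null)
            throw new CryptographicException("Certificate has no RSA private key exposed through a CSP.");

        CspKeyContainerInfo info = current.CspKeyContainerInfo;
        var csp = new CspParameters(info.ProviderType, info.ProviderName, info.KeyContainerName, null, pin)
        {
            // Same key slot (exchange or signature) as the certificate's own key.
            KeyNumber = (int)info.KeyNumber,
            // Fail instead of creating a new key pair if the container cannot be opened.
            Flags = CspProviderFlags.UseExistingKey
                    | (info.MachineKeyStore ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags)
        };
        return new RSACryptoServiceProvider(csp);
    }
}
```

The returned provider is assigned to `certForSigning.PrivateKey` in the same way as `rsaCsp` in the answer's code, before the `CmsSigner` is created.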
