X509Certificate2 访问私钥到安全令牌
X509Certificate2 Access to a Private key into a security token
我必须使用存储在安全令牌中的证书。我可以从 windows 证书存储区访问它,但该设备有密码,因此会显示一个带有输入字段的弹出窗口。
这是我用来加载证书的代码:
static X509Certificate2 BuscarCertificado
(StoreLocation location, StoreName name,
X509FindType findType, string findValue)
{
X509Store store = new X509Store(name, location);
try{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = store.Certificates.Find
(findType, findValue, true);
return col[0];
}
finally { store.Close(); }
}
该设备是 ACS CryptoMate64 0。
是否可以在代码中发送密码以不显示此消息?
感谢您的帮助
我没有 ACS CryptoMate64 0。但是此代码适用于 Siemens CardOS v4.3B(驱动程序 CardOS API v5.2 build 15)。您将必须检查它是否也适合您。
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
namespace SignWithToken
{
class Program
{
static void Main(string[] args)
{
// ------ select certificate for signing ---------
// open store
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.MaxAllowed);
// find cert by thumbprint
var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);
if (foundCerts.Count == 0)
return;
var certForSigning = foundCerts[0];
store.Close();
// -------- prepare private key with password --------
// prepare password
var pass = new SecureString();
for(var i=0;i<8;i++)
pass.AppendChar('1');
// take private key
var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
// make new CSP parameters based on parameters from current private key but throw in password
CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
privateKey.CspKeyContainerInfo.ProviderName,
privateKey.CspKeyContainerInfo.KeyContainerName,
null,
pass);
// make RSA crypto provider based on given CSP parameters
var rsaCsp = new RSACryptoServiceProvider(cspParameters);
// set modified RSA crypto provider back
certForSigning.PrivateKey = rsaCsp;
// ---- Sign -----
// prepare content to be signed
ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
SignedCms cms = new SignedCms(content);
// prepare CMS signer
CmsSigner signer = new CmsSigner(certForSigning);
// sign to PKCS#7
cms.ComputeSignature(signer);
// get encoded PKCS#7 value
var result = cms.Encode();
// ------ Verify signature ------
SignedCms cmsToVerify = new SignedCms();
// decode signed PKCS#7
cmsToVerify.Decode(result);
// check signature of PKCS#7
cmsToVerify.CheckSignature(true);
}
}
}
我必须使用存储在安全令牌中的证书。我可以从 windows 证书存储区访问它,但该设备有密码,因此会显示一个带有输入字段的弹出窗口。
这是我用来加载证书的代码:
static X509Certificate2 BuscarCertificado
(StoreLocation location, StoreName name,
X509FindType findType, string findValue)
{
X509Store store = new X509Store(name, location);
try{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = store.Certificates.Find
(findType, findValue, true);
return col[0];
}
finally { store.Close(); }
}
该设备是 ACS CryptoMate64 0。
是否可以在代码中发送密码以不显示此消息?
感谢您的帮助
我没有 ACS CryptoMate64 0。但是此代码适用于 Siemens CardOS v4.3B(驱动程序 CardOS API v5.2 build 15)。您将必须检查它是否也适合您。
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
namespace SignWithToken
{
class Program
{
static void Main(string[] args)
{
// ------ select certificate for signing ---------
// open store
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.MaxAllowed);
// find cert by thumbprint
var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);
if (foundCerts.Count == 0)
return;
var certForSigning = foundCerts[0];
store.Close();
// -------- prepare private key with password --------
// prepare password
var pass = new SecureString();
for(var i=0;i<8;i++)
pass.AppendChar('1');
// take private key
var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
// make new CSP parameters based on parameters from current private key but throw in password
CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
privateKey.CspKeyContainerInfo.ProviderName,
privateKey.CspKeyContainerInfo.KeyContainerName,
null,
pass);
// make RSA crypto provider based on given CSP parameters
var rsaCsp = new RSACryptoServiceProvider(cspParameters);
// set modified RSA crypto provider back
certForSigning.PrivateKey = rsaCsp;
// ---- Sign -----
// prepare content to be signed
ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
SignedCms cms = new SignedCms(content);
// prepare CMS signer
CmsSigner signer = new CmsSigner(certForSigning);
// sign to PKCS#7
cms.ComputeSignature(signer);
// get encoded PKCS#7 value
var result = cms.Encode();
// ------ Verify signature ------
SignedCms cmsToVerify = new SignedCms();
// decode signed PKCS#7
cmsToVerify.Decode(result);
// check signature of PKCS#7
cmsToVerify.CheckSignature(true);
}
}
}