Question

我有第三方应用程序（我们不想使用），可以使用私钥从我们的读卡器中提取证书，然后将其插入到商店。正如我所说，我们不想出于多种原因使用它，所以我们试图通过PKCS11直接读取读卡器。当我们在C＃中开发时，我们使用PKCS11 Interop库来管理它。但是，我无法检索链接到此证书的关联私钥。我该怎么办？

这是我的代码：

    <?xml version="1.0" encoding="UTF-8"?>
    <members>
        <member id="0">
            <name>a</name>
            <surname>a</surname>
            <fatherName>a</fatherName>
            <age>0</age>
            <email>a@a.com</email>
            <username>a</username>
            <password>a</password>
        </member>
    </members>

如果我尝试检索私钥，我可以，但它不可读，否则我看不到如何将它与我检索到的证书相关联？

List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
//objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, UTF8Encoding.UTF8.GetBytes("Certificat d'Authentification CPS")));
//CurrentSession.FindObjectsInit(objectAttributes);
oObjCollection = CurrentSession.FindAllObjects(objectAttributes);
//if (oObjCollection.Count > 0)
foreach (var item in oObjCollection)
{
  var oAttriVal = CurrentSession.GetAttributeValue(item, new List<CKA>() { CKA.CKA_VALUE, CKA.CKA_ID }).FirstOrDefault();
  oResult = new X509Certificate2(oAttriVal.GetValueAsByteArray());
  X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadWrite);
  store.Add(oResult);
  store.Close();
}

感谢您的帮助

Answer 1

在大多数情况下，您不会 - 大多数PKCS＃11设备都不允许您从设备中提取私钥，这是有原因的。

＆＃34;驱动程序＆＃34;您指的很可能不提取密钥，但是当系统需要执行此类操作时，可以通过调用设备上的签名和解密功能来使用私钥。这是由许多供应商提供的CSP模块完成的。

您需要做同样的事情，即您很可能无法编写自己的CSP（加密服务提供商）而无法使用CryptoAPI进行操作，而CSP（加密服务提供商）将执行与第三方应用程序相同的操作。

Answer 2

我终于成功了。

我的程序如下：我使用第三方软件来分析存放的证书的私钥。

当我这样做时，我从第三方DLL加载CspParameters，如下所示：

#Create new Excel workbook and write fields.

$excel = New-Object -ComObject excel.application 
$excel.visible = $False 
$workbook = $excel.Workbooks.Add() 
$workbook.Worksheets.Add() | Out-Null 
$excel.DisplayAlerts = $False 
$excel.Rows.Item(1).Font.Bold = $true

$Sheet= $workbook.Worksheets.Item(1) 
$Sheet.Name = 'Server Information' 
$Sheet.Cells.Item(1,1) = "Manufacturer"
$Sheet.Cells.Item(1,2) = "Hostname"
$Sheet.Cells.Item(1,3) = "PC Model"
$Sheet.Cells.Item(1,4) = "Username"
$Sheet.Cells.Item(1,5) = "Serial Number"
$Sheet.Cells.Item(1,6) = "OS Architecture"
$Sheet.Cells.Item(1,7) = "HDD Model"
$Sheet.Cells.Item(1,8) = "Total Disk Size (GB)"
$Sheet.Cells.Item(1,9) = "Physical Memory (GB)"

#Import data from text file.
Write-Host "Enter file path for hostnames list..." -ForegroundColor yellow
$computers = (Read-Host 'Insert File Path') 
$computername = Get-Content $computers -ErrorAction "Inquire"

Write-Host ""
Write-Host "Excel workbook generated successfully. Writing data to rows and columns..." -ForegroundColor yellow
Write-Host $computername.count lines of data imported.
Write-Host ""
Write-Host "Starting WMI Querying..." -ForegroundColor yellow

#Loop through the Array and add data into the excel file created.

foreach ($computername in $computers) {
    ($Manufacturer,$Model,$User,$SerialNumber,$OSType,$DDModel,$DDSize,$RAMSize) = $computername.split('|')
    $introw = $Sheet.UsedRange.Rows.Count + 1

    $Manufacturer = $cs.Manufacturer
    $Model = $cs.Model
    $User = $cs.UserName
    $SerialNumber = $bios.SerialNumber
    $OSType = $os.Architecture
    $DDModel = $dd.Model
    $DDSize = $dd.Size
    $RAMSize = $cs.PhysicalSize

    (Get-Content C:\nodes.txt) | ForEach-Object {
    $cs = gwmi win32_computersystem | Select-Object Manufacturer,@{Name="PC Model"; Expression = {$cs.Model}},Username,@{Name="Physical Memory (GB)";e={[math]::truncate($_.TotalPhysicalMemory /1GB)}}
    $bios = gwmi win32_bios | Select-Object SerialNumber
    $os = gwmi win32_OperatingSystem | select-object OSArchitecture
    $dd = gwmi win32_DiskDrive | select-object Model,@{Name="Total Disk Size (GB)";e={[math]::truncate($dd.Size /1GB)}}

    $Sheet.cells.item($introw, 1) = $Manufacturer  
    $Sheet.cells.item($introw, 2) = $Model
    $Sheet.cells.item($introw, 3) = $User
    $Sheet.cells.item($introw, 4) = $SerialNumber 
    $Sheet.cells.item($introw, 5) = $OSType 
    $Sheet.cells.item($introw, 6) = $DDModel
    $Sheet.cells.item($introw, 7) = $DDSize
    $Sheet.cells.item($introw, 8) = $RAMSize
    $Sheet.UsedRange.EntireColumn.AutoFit();

    }
}

#Write and output to Excel file.
$usedRange = $Sheet.UsedRange 
$usedRange.EntireColumn.AutoFit() | Out-Null 
$workbook.SaveAs("C:\Machine Inventory.xlsx")  
$excel.Quit()

Write-Host ""
Write-Host "Process complete! The data has been exported to C:\Machine Inventory.xlsx" -ForegroundColor yellow
Write-Host ""

Write-Host "Press any key to continue ..." -ForegroundColor yellow
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

在我的特定情况下，KeyContainerName是仅包含ASCII字符的主题（它不是默认方案）。

当我使用此CSP创建RSACryptoServiceProvider时，它运行良好，我终于无法使用第三方应用程序。

请注意，ASIP Sante Cryptographic Provider是随第三方软件一起安装的提供程序，它随Windows CSP的特定DLL一起提供。

此代码可能与Mono，Linux / Mac ...

不兼容

PKCS11Interop：如何使用私钥提取证书？

2 个答案: