PKCS11Interop:如何使用私钥提取证书?

时间:2015-07-06 08:25:09

标签: c# cryptography pkcs#11

我有第三方应用程序(我们不想使用),可以使用私钥从我们的读卡器中提取证书,然后将其插入到商店。 正如我所说,我们不想出于多种原因使用它,所以我们试图通过PKCS11直接读取读卡器。 当我们在C#中开发时,我们使用PKCS11 Interop库来管理它。但是,我无法检索链接到此证书的关联私钥。我该怎么办?

这是我的代码:

    <?xml version="1.0" encoding="UTF-8"?>
    <members>
        <member id="0">
            <name>a</name>
            <surname>a</surname>
            <fatherName>a</fatherName>
            <age>0</age>
            <email>a@a.com</email>
            <username>a</username>
            <password>a</password>
        </member>
    </members>

如果我尝试检索私钥,我可以,但它不可读,否则我看不到如何将它与我检索到的证书相关联?

List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
//objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, UTF8Encoding.UTF8.GetBytes("Certificat d'Authentification CPS")));
//CurrentSession.FindObjectsInit(objectAttributes);
oObjCollection = CurrentSession.FindAllObjects(objectAttributes);
//if (oObjCollection.Count > 0)
foreach (var item in oObjCollection)
{
  var oAttriVal = CurrentSession.GetAttributeValue(item, new List<CKA>() { CKA.CKA_VALUE, CKA.CKA_ID }).FirstOrDefault();
  oResult = new X509Certificate2(oAttriVal.GetValueAsByteArray());
  X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadWrite);
  store.Add(oResult);
  store.Close();
}

感谢您的帮助

2 个答案:

答案 0 :(得分:0)

在大多数情况下,您不会 - 大多数PKCS#11设备都不允许您从设备中提取私钥,这是有原因的。

&#34;驱动程序&#34;您指的很可能不提取密钥,但是当系统需要执行此类操作时,可以通过调用设备上的签名和解密功能来使用私钥。这是由许多供应商提供的CSP模块完成的。

您需要做同样的事情,即您很可能无法编写自己的CSP(加密服务提供商)而无法使用CryptoAPI进行操作,而CSP(加密服务提供商)将执行与第三方应用程序相同的操作。

答案 1 :(得分:0)

我终于成功了。

我的程序如下:我使用第三方软件来分析存放的证书的私钥。

当我这样做时,我从第三方DLL加载CspParameters,如下所示:

#Create new Excel workbook and write fields.

$excel = New-Object -ComObject excel.application 
$excel.visible = $False 
$workbook = $excel.Workbooks.Add() 
$workbook.Worksheets.Add() | Out-Null 
$excel.DisplayAlerts = $False 
$excel.Rows.Item(1).Font.Bold = $true

$Sheet= $workbook.Worksheets.Item(1) 
$Sheet.Name = 'Server Information' 
$Sheet.Cells.Item(1,1) = "Manufacturer"
$Sheet.Cells.Item(1,2) = "Hostname"
$Sheet.Cells.Item(1,3) = "PC Model"
$Sheet.Cells.Item(1,4) = "Username"
$Sheet.Cells.Item(1,5) = "Serial Number"
$Sheet.Cells.Item(1,6) = "OS Architecture"
$Sheet.Cells.Item(1,7) = "HDD Model"
$Sheet.Cells.Item(1,8) = "Total Disk Size (GB)"
$Sheet.Cells.Item(1,9) = "Physical Memory (GB)"

#Import data from text file.
Write-Host "Enter file path for hostnames list..." -ForegroundColor yellow
$computers = (Read-Host 'Insert File Path') 
$computername = Get-Content $computers -ErrorAction "Inquire"

Write-Host ""
Write-Host "Excel workbook generated successfully. Writing data to rows and columns..." -ForegroundColor yellow
Write-Host $computername.count lines of data imported.
Write-Host ""
Write-Host "Starting WMI Querying..." -ForegroundColor yellow

#Loop through the Array and add data into the excel file created.

foreach ($computername in $computers) {
    ($Manufacturer,$Model,$User,$SerialNumber,$OSType,$DDModel,$DDSize,$RAMSize) = $computername.split('|')
    $introw = $Sheet.UsedRange.Rows.Count + 1

    $Manufacturer = $cs.Manufacturer
    $Model = $cs.Model
    $User = $cs.UserName
    $SerialNumber = $bios.SerialNumber
    $OSType = $os.Architecture
    $DDModel = $dd.Model
    $DDSize = $dd.Size
    $RAMSize = $cs.PhysicalSize

    (Get-Content C:\nodes.txt) | ForEach-Object {
    $cs = gwmi win32_computersystem | Select-Object Manufacturer,@{Name="PC Model"; Expression = {$cs.Model}},Username,@{Name="Physical Memory (GB)";e={[math]::truncate($_.TotalPhysicalMemory /1GB)}}
    $bios = gwmi win32_bios | Select-Object SerialNumber
    $os = gwmi win32_OperatingSystem | select-object OSArchitecture
    $dd = gwmi win32_DiskDrive | select-object Model,@{Name="Total Disk Size (GB)";e={[math]::truncate($dd.Size /1GB)}}

    $Sheet.cells.item($introw, 1) = $Manufacturer  
    $Sheet.cells.item($introw, 2) = $Model
    $Sheet.cells.item($introw, 3) = $User
    $Sheet.cells.item($introw, 4) = $SerialNumber 
    $Sheet.cells.item($introw, 5) = $OSType 
    $Sheet.cells.item($introw, 6) = $DDModel
    $Sheet.cells.item($introw, 7) = $DDSize
    $Sheet.cells.item($introw, 8) = $RAMSize
    $Sheet.UsedRange.EntireColumn.AutoFit();

    }
}

#Write and output to Excel file.
$usedRange = $Sheet.UsedRange 
$usedRange.EntireColumn.AutoFit() | Out-Null 
$workbook.SaveAs("C:\Machine Inventory.xlsx")  
$excel.Quit()

Write-Host ""
Write-Host "Process complete! The data has been exported to C:\Machine Inventory.xlsx" -ForegroundColor yellow
Write-Host ""

Write-Host "Press any key to continue ..." -ForegroundColor yellow
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

在我的特定情况下,KeyContainerName是仅包含ASCII字符的主题(它不是默认方案)。

当我使用此CSP创建RSACryptoServiceProvider时,它运行良好,我终于无法使用第三方应用程序。

请注意,ASIP Sante Cryptographic Provider是随第三方软件一起安装的提供程序,它随Windows CSP的特定DLL一起提供。

此代码可能与Mono,Linux / Mac ...

不兼容