的XAdES。我坚持一点请帮助我。我使用CSP从商店中选择证书,但我不需要用户的操作我只需要使用pkcs11包装器从智能卡[令牌]中提取私钥并将其用于签名。我使用pkcs11 interop .net wrappr 下面是我用来从商店中提取证书的代码
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection) store.Certificates;
X509Certificate2Collection fcollection =
(X509Certificate2Collection) collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection,
"XAdES sample", "Choose a certificate", X509SelectionFlag.SingleSelection);
if (scollection != null && scollection.Count == 1)
{
cert = scollection[0];
if (cert.HasPrivateKey == false)
{
MessageBox.Show("This certificate does not have a private key associated with it");
cert = null;
}
}
store.Close();
以及用于从智能卡中提取私钥的代码,如下所示
Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false);
//Get Info
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
//Login to business slot
Slot paciSlot = slots[2];
// Open RO session
using (Session session = paciSlot.OpenSession(false))
{
//Sign and verify with certificate
//Get Private Key
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes = new List<ObjectAttribute>();
objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA));
session.FindObjectsInit(objectAttributes);
var oObjCollection = session.FindObjects(1);
ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();
if (oObjCollection.Count > 0)
{
oPrivKeyObjectHandle = oObjCollection[0];
}}
所以我如何使用智能卡中的私钥与Microsoft.xades dll。
编辑问题: - 下面是使用csp进行签名的源代码
this.BuildDigestedReferences();
AsymmetricAlgorithm signingKey = this.SigningKey; //Certificate Private Key
if (signingKey == null)
{
throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
if (!(signingKey is DSA))
{
if (!(signingKey is RSA))
{
throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
}
}
else
{
this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
}
}
SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
if (description == null)
{
throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hash = new SHA1Managed();
if (hash == null)
{
throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
//this.GetC14NDigest(hash);
this.GetC14NDigest(hash, "ds");
this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
并使用pkcs11库
Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false);
//Get Info
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
//Login to business slot
Slot paciSlot = slots[2];
// Open RO session
using (Session session = paciSlot.OpenSession(false))
{
//Sign and verify with certificate
//Get Private Key
var objectAttributes = new List<ObjectAttribute>
{
new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)
};
session.FindObjectsInit(objectAttributes);
var oObjCollection = session.FindObjects(1);
ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();
if (oObjCollection.Count > 0)
{
oPrivKeyObjectHandle = oObjCollection[0];
}
// Specify signing mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
byte[] signature = session.Sign(mechanism, oPrivKeyObjectHandle, hashedata);
使用csp的签名与使用pkcs11的签名不同,如何使用相同的私钥。
谢谢