C# X509Certificate2对安全令牌中私钥的访问

Tags: c#, asp.net-mvc-5, x509certificate2

I have to use a certificate stored in a security token. I can access it from the Windows certificate store, but the device has a password, so a pop-up window with an input field is shown.

This is the code I use to load the certificate:

using System.Security.Cryptography.X509Certificates;

static X509Certificate2 BuscarCertificado
    (StoreLocation location, StoreName name,
    X509FindType findType, string findValue)
{
    X509Store store = new X509Store(name, location);
    try
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly: true drops certificates whose chain does not validate
        X509Certificate2Collection col = store.Certificates.Find
            (findType, findValue, true);

        // col[0] on an empty collection throws; return null when nothing matched
        return col.Count > 0 ? col[0] : null;
    }
    finally { store.Close(); }
}
The device is an ACS crypto device 64 0.

Is it possible to supply the password from code, without showing this dialog?


Thank you for your help.

I don't have the ACS crypto device 64 0. But this code works with the Siemens CardOS v4.3B driver CardOS API v5.2 build 15. You will have to check whether it works for you too.

using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

namespace SignWithToken
{
    class Program
    {
        static void Main(string[] args)
        {
            // ------ select certificate for signing ---------
            // open the current user's personal store
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.MaxAllowed);

            // find cert by thumbprint (validOnly: true skips certificates whose chain does not validate)
            var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);

            if (foundCerts.Count == 0)
                return;

            var certForSigning = foundCerts[0];
            store.Close();

            // -------- prepare private key with password --------
            // prepare the token PIN (here the placeholder "11111111")
            var pass = new SecureString();
            for (var i = 0; i < 8; i++)
                pass.AppendChar('1');
            pass.MakeReadOnly();

            // take the private key; only CSP-backed keys expose CspKeyContainerInfo
            var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;
            if (privateKey == null)
                throw new InvalidOperationException("Private key is not a CSP key");

            // make new CSP parameters based on the current key's provider and container, but with the PIN as KeyPassword
            CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
                privateKey.CspKeyContainerInfo.ProviderName,
                privateKey.CspKeyContainerInfo.KeyContainerName,
                null,
                pass);

            // make RSA crypto provider based on the given CSP parameters
            var rsaCsp = new RSACryptoServiceProvider(cspParameters);

            // set the modified RSA crypto provider back on the certificate
            certForSigning.PrivateKey = rsaCsp;

            // ---- Sign -----
            // content to be signed
            ContentInfo content = new ContentInfo(new byte[] { 0x01, 0x02, 0x03 });
            SignedCms cms = new SignedCms(content);

            // prepare CMS signer
            CmsSigner signer = new CmsSigner(certForSigning);

            // sign to PKCS#7
            cms.ComputeSignature(signer);

            // get the encoded PKCS#7 value
            var result = cms.Encode();

            // ------ Verify signature ------
            SignedCms cmsToVerify = new SignedCms();
            // decode signed PKCS#7
            cmsToVerify.Decode(result);

            // check the signature of the PKCS#7 (true = verify the signature only, not the certificate chain)
            cmsToVerify.CheckSignature(true);
        }
    }
}

No, this is not possible.

@CryptoGuy That's an interesting theory, but can you prove it?

Please ignore my comment. Pepo's code should work for you. However, it requires the PIN to be stored somewhere in the code. Not recommended.

Your code does not work with my eToken Pro. It throws an exception: Exception calling "Main" with 1 argument(s): The certificate's public key does not match the specified value. At this line: certForSigning.PrivateKey = rsaCsp;

Does the eToken Pro have a CSP or a minidriver? Siemens 5.2 has a minidriver.

But Siemens CardOS API v3.2 has a CSP. I had to add this to make it work: cspParameters.KeyNumber = privateKey.CspKeyContainerInfo.KeyNumber; cspParameters.Flags = CspProviderFlags.UseExistingKey; after cspParameters is initialised. eToken uses a CSP, not a minidriver.

Does it work if you set KeyNumber and Flags in cspParameters? I only have the Siemens CardOS...

I'm glad. However, the additional properties should be set only when it is a CSP. With a minidriver it suddenly stops working.
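As an added example (not code from the question, from Pepo's answer, or from any of the commenters), the following combines the answer's CspParameters/KeyPassword technique with the KeyNumber and UseExistingKey fix from the comments, branches on whether .NET hands back a CSP or a CNG key so the extra CSP properties are only set on the CSP path (the point made in the last comment), and checks the opened key against the certificate's public key before signing, which is the "public key does not match" failure the eToken user hit. Assumptions not on the page: the PIN and thumbprint come from the environment variables TOKEN_PIN and TOKEN_CERT_THUMBPRINT rather than source code; the minidriver path uses the CNG key property "SmartCardPin" (NCRYPT_PIN_PROPERTY); and the target is .NET Framework 4.6 or later, where GetRSAPrivateKey returns RSACryptoServiceProvider for CSP keys and RSACng for KSP/minidriver keys.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace SignWithToken
{
    static class PinAwareSigner
    {
        // Locate the signing certificate; validOnly:false so a token cert with an untrusted chain is still returned.
        public static X509Certificate2 FindByThumbprint(string thumbprint)
        {
            using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                if (found.Count == 0)
                    throw new InvalidOperationException("No certificate with thumbprint " + thumbprint);
                return found[0];
            }
        }

        // Re-open the token's private key with the PIN supplied, choosing the CSP or CNG route
        // from the key type .NET returns for the certificate (assumption: .NET Framework 4.6+ behaviour).
        public static RSA OpenPrivateKey(X509Certificate2 cert, string pin)
        {
            RSA key = cert.GetRSAPrivateKey();
            if (key == null)
                throw new InvalidOperationException("Certificate has no private key linked to it");

            if (key is RSACryptoServiceProvider csp)
            {
                // Legacy CSP (CardOS API 3.x, eToken): rebuild CspParameters with the PIN as KeyPassword.
                // KeyNumber and UseExistingKey are what the comment thread found necessary: without KeyNumber
                // the default AT_KEYEXCHANGE slot may be a different key than the certificate's AT_SIGNATURE key.
                CspKeyContainerInfo info = csp.CspKeyContainerInfo;
                var secure = new SecureString();
                foreach (char c in pin) secure.AppendChar(c);
                secure.MakeReadOnly();

                var p = new CspParameters(info.ProviderType, info.ProviderName, info.KeyContainerName, null, secure)
                {
                    KeyNumber = (int)info.KeyNumber,
                    Flags = CspProviderFlags.UseExistingKey
                          | (info.MachineKeyStore ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags)
                };
                return new RSACryptoServiceProvider(p);
            }

            if (key is RSACng cng)
            {
                // Minidriver/KSP: CspParameters does not apply here (setting it "suddenly stops working").
                // Assumption: the PIN is set on the NCrypt key handle as NCRYPT_PIN_PROPERTY ("SmartCardPin"),
                // a NUL-terminated UTF-16 string, before the first private-key operation.
                byte[] pinBytes = Encoding.Unicode.GetBytes(pin + "\0");
                cng.Key.SetProperty(new CngProperty("SmartCardPin", pinBytes, CngPropertyOptions.None));
                Array.Clear(pinBytes, 0, pinBytes.Length);
                return cng;
            }

            throw new NotSupportedException("Unexpected key type " + key.GetType().Name);
        }

        // Prove the handle we opened really is the certificate's key before using it,
        // instead of discovering the mismatch when the certificate's PrivateKey is assigned.
        public static void AssertKeyMatchesCertificate(X509Certificate2 cert, RSA key)
        {
            byte[] certModulus = cert.GetRSAPublicKey().ExportParameters(false).Modulus;
            byte[] keyModulus = key.ExportParameters(false).Modulus;
            if (!certModulus.SequenceEqual(keyModulus))
                throw new CryptographicException("Opened key does not belong to this certificate (check KeyNumber)");
        }

        static int Main(string[] args)
        {
            // Assumption: PIN and thumbprint are supplied by the environment, not hard-coded in the binary.
            string thumbprint = Environment.GetEnvironmentVariable("TOKEN_CERT_THUMBPRINT");
            string pin = Environment.GetEnvironmentVariable("TOKEN_PIN");
            if (string.IsNullOrEmpty(thumbprint) || string.IsNullOrEmpty(pin))
            {
                Console.Error.WriteLine("Set TOKEN_CERT_THUMBPRINT and TOKEN_PIN");
                return 2;
            }

            X509Certificate2 cert = FindByThumbprint(thumbprint);
            using (RSA key = OpenPrivateKey(cert, pin))
            {
                AssertKeyMatchesCertificate(cert, key);

                byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");
                // SHA-256 requires a PROV_RSA_AES-class CSP; older PROV_RSA_FULL providers may only offer SHA-1.
                byte[] sig = key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                using (RSA pub = cert.GetRSAPublicKey())
                {
                    bool ok = pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine(ok ? "signature verified without a PIN prompt" : "verification FAILED");
                    return ok ? 0 : 1;
                }
            }
        }
    }
}
```

To feed the PIN-aware key into SignedCms as the answer does, note that the legacy cert.PrivateKey setter only accepts CSP keys (ICspAsymmetricAlgorithm); for the RSACng branch, build the signing certificate with cert.CopyWithPrivateKey(key) instead, which is available from .NET Framework 4.7.2 and hands CmsSigner the handle that already carries the PIN.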