C# CAdES P7M with a smart card
Keywords: C# CAdES P7M smart card | Updated: 2023-09-27 18:22:48
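I have read this article on how to sign a file using the BouncyCastle DLL in C#, and I would like to know whether it is possible to find some support for certificates stored on a smart card.
What I want to do is create a CAdES P7M, but it seems impossible to find any documentation, .NET classes or free libraries.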
You can also try the C# port of the European Commission initiative:
DSS.NET
It supports CAdES. Try using MSCAPISignatureToken and the guide in the CookBook
CookBook
I used the following code with DSS.NET:
    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using EU.Europa.EC.Markt.Dss;
    using EU.Europa.EC.Markt.Dss.Signature;
    using EU.Europa.EC.Markt.Dss.Signature.Cades;
    using EU.Europa.EC.Markt.Dss.Signature.Token;

    private static void SignP7M(X509Certificate2 card, string sourcepath)
    {
        var service = new CAdESService();
        // Creation of MS CAPI signature token
        var token = new MSCAPISignatureToken { Cert = card };
        var parameters = new SignatureParameters
        {
            SignatureAlgorithm = SignatureAlgorithm.RSA,
            SignatureFormat = SignatureFormat.CAdES_BES,
            DigestAlgorithm = DigestAlgorithm.SHA256,
            SignaturePackaging = SignaturePackaging.ENVELOPING,
            SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
            SigningDate = DateTime.UtcNow
        };
        var toBeSigned = new FileDocument(sourcepath);
        // Build the data to be signed, sign it with the first key of the token,
        // then wrap document and signature into the CAdES envelope
        var iStream = service.ToBeSigned(toBeSigned, parameters);
        var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);
        var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);
        // Write the result next to the source file as <source>.p7m, replacing any old copy
        var dest = sourcepath + ".p7m";
        if (File.Exists(dest)) File.Delete(dest);
        // using blocks close both streams even if the copy throws
        using (var signed = signedDocument.OpenStream())
        using (var fout = File.OpenWrite(dest))
        {
            signed.CopyTo(fout);
        }
    }
You can get the card in two ways:
- from the certificate store
- from the cert serial number
Here are the samples:
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;

    // Look up the certificate in CurrentUser\My by serial number.
    // X509Certificate2.SerialNumber is upper-case hex without separators,
    // so _certSn must be passed in that form. Returns null when nothing matches.
    public static X509Certificate2 GetCertificate(string _certSn)
    {
        // select the signing token
        var st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        st.Open(OpenFlags.ReadOnly);
        var col = st.Certificates;
        var card = col.Cast<X509Certificate2>().FirstOrDefault(t => t.SerialNumber == _certSn);
        st.Close();
        return card;
    }

    // Let the user pick one certificate from the given store through the
    // standard Windows selection dialog. Returns null if the dialog is cancelled.
    public static X509Certificate2 selectCert(StoreName store, StoreLocation location, string windowTitle, string windowMsg)
    {
        X509Certificate2 certSelected = null;
        X509Store x509Store = new X509Store(store, location);
        x509Store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col = x509Store.Certificates;
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, windowTitle, windowMsg, X509SelectionFlag.SingleSelection);
        if (sel.Count > 0)
        {
            X509Certificate2Enumerator en = sel.GetEnumerator();
            en.MoveNext();
            certSelected = en.Current;
        }
        x509Store.Close();
        return certSelected;
    }
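An added example, not part of the original answer or of DSS.NET: a stricter variant of the GetCertificate lookup above that matches on issuer as well as serial number (a serial number is only unique per issuer) and rejects certificates that have no private key, are outside their validity period, or whose keyUsage does not permit signing. The names SigningCertificatePicker, FindSigningCertificate and AllowsSigning are hypothetical, and the code assumes .NET Framework 4.6 or later, where X509Store is disposable.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class SigningCertificatePicker   // hypothetical helper class
{
    // Returns the single certificate in CurrentUser\My that matches serial number
    // and issuer and is usable for signing; throws if there is none or more than one.
    public static X509Certificate2 FindSigningCertificate(string serialHex, string issuerName)
    {
        // SerialNumber is upper-case hex without separators: normalise the input
        // so "00 a1:b2" style values copied from a certificate viewer still match.
        string wanted = new string(serialHex.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            DateTime now = DateTime.Now;   // NotBefore/NotAfter are local time

            var matches = store.Certificates.Cast<X509Certificate2>()
                .Where(c => c.SerialNumber == wanted)
                .Where(c => string.Equals(c.Issuer, issuerName, StringComparison.OrdinalIgnoreCase))
                .Where(c => c.HasPrivateKey)                       // key reachable via the card's CSP
                .Where(c => c.NotBefore <= now && now <= c.NotAfter)
                .Where(AllowsSigning)
                .ToList();

            if (matches.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one usable signing certificate, found " + matches.Count);
            return matches[0];
        }
    }

    // True when the certificate has no keyUsage extension (usage unrestricted)
    // or when keyUsage includes digitalSignature or nonRepudiation.
    private static bool AllowsSigning(X509Certificate2 cert)
    {
        var usage = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        if (usage == null) return true;
        var signing = X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
        return (usage.KeyUsages & signing) != 0;
    }
}
```

These checks do not validate the certificate chain or revocation status; that still has to be done separately before the signature is trusted.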
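If the smart card is mapped to the Windows certificate store, you can use the certificate as exposed by CryptoAPI. If the smart card is accessible via PKCS#11, you can use the PKIBlackbox package of our SecureBlackbox product to work with it. In addition, PKIBlackbox supports the CAdES format, not just PKCS#7/CMS.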