Microsoft.Xades Open Source Dll Using PKCS11
Keywords: Using PKCS11 Dll Source Xades Open Microsoft | Updated: 2023-09-27 18:24:20

XADES. I'm stuck at one point, please help me. I am using the CSP to select a certificate from the store, but I don't want any user action; I only need to pull the private key out of the smart card [token] through a PKCS11 wrapper and sign with it. I am using the Pkcs11Interop .NET wrapper. Below is the code I use to get the certificate from the store:
```csharp
// Assumes: using System.Security.Cryptography.X509Certificates; using System.Windows.Forms;
X509Certificate2 cert = null; // declared here so the snippet compiles on its own
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
// Keep only certificates that are valid right now
X509Certificate2Collection fcollection =
    (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// Interactive picker: this is the user action the question wants to avoid
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection,
    "XAdES sample", "Choose a certificate", X509SelectionFlag.SingleSelection);
if (scollection != null && scollection.Count == 1)
{
    cert = scollection[0];
    if (cert.HasPrivateKey == false)
    {
        MessageBox.Show("This certificate does not have a private key associated with it");
        cert = null;
    }
}
store.Close();
```
And the code I use to get the private key from the smart card is as follows:

```csharp
// Assumes: using Net.Pkcs11Interop.Common; using Net.Pkcs11Interop.HighLevelAPI;
Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false);
// Get Info
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
// Business slot (index 2 is hard-coded here)
Slot paciSlot = slots[2];
// Open RO session
using (Session session = paciSlot.OpenSession(false))
{
    // Note: no session.Login(...) is made here; private-key objects are normally
    // only visible, and usable for signing, after a user-PIN login.
    // Get Private Key
    List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA));
    session.FindObjectsInit(objectAttributes);
    List<ObjectHandle> oObjCollection = session.FindObjects(1);
    session.FindObjectsFinal(); // every FindObjectsInit must be closed
    ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();
    if (oObjCollection.Count > 0)
    {
        oPrivKeyObjectHandle = oObjCollection[0];
    }
}
```
So how can I use the private key from the smart card with the Microsoft.Xades dll?

Edit to the question: below is the source code that signs using the CSP
```csharp
this.BuildDigestedReferences();
AsymmetricAlgorithm signingKey = this.SigningKey; // Certificate Private Key (CSP-backed)
if (signingKey == null)
{
    throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
}
if (this.SignedInfo.SignatureMethod == null)
{
    if (!(signingKey is DSA))
    {
        if (!(signingKey is RSA))
        {
            throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
        }
        if (this.SignedInfo.SignatureMethod == null)
        {
            this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
    }
    else
    {
        this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    }
}
SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
if (description == null)
{
    throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
}
HashAlgorithm hash = new SHA1Managed();
if (hash == null)
{
    throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
}
//this.GetC14NDigest(hash);
// Feeds the canonicalized SignedInfo into the SHA-1 object
this.GetC14NDigest(hash, "ds");
// The formatter takes the finished SHA-1 hash, wraps it in a DigestInfo and
// applies PKCS#1 v1.5 padding; it does not hash the input again
this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
```
And using the pkcs11 library:

```csharp
// Assumes: using Net.Pkcs11Interop.Common; using Net.Pkcs11Interop.HighLevelAPI;
Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false);
// Get Info
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
// Business slot (index 2 is hard-coded here)
Slot paciSlot = slots[2];
// Open RO session
using (Session session = paciSlot.OpenSession(false))
{
    // Note: no session.Login(...) is made here; see the remark in the first snippet
    // Get Private Key
    var objectAttributes = new List<ObjectAttribute>
    {
        new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
        new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)
    };
    session.FindObjectsInit(objectAttributes);
    List<ObjectHandle> oObjCollection = session.FindObjects(1);
    session.FindObjectsFinal();
    ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();
    if (oObjCollection.Count > 0)
    {
        oPrivKeyObjectHandle = oObjCollection[0];
    }
    // Specify signing mechanism: CKM_SHA1_RSA_PKCS hashes its input on the token itself
    Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
    // hashedata: the poster's input bytes, prepared elsewhere (not shown)
    byte[] signature = session.Sign(mechanism, oPrivKeyObjectHandle, hashedata);
}
```
The signature produced with the CSP differs from the one produced with pkcs11, even though I am using the same private key.

Thanks
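An added model of the two signing paths in the question (example code, not from the post, from Pkcs11Interop or from Microsoft.Xades), using a throwaway textbook RSA key: the CSP formatter wraps the already-computed SHA-1 hash in a DigestInfo and applies PKCS#1 v1.5 padding, whereas CKM_SHA1_RSA_PKCS hashes its input on the token first. If `hashedata` holds the SHA-1 digest instead of the canonicalized SignedInfo bytes, the token hashes it a second time and the two signatures cannot match; `compare_paths` shows both cases.

```python
import hashlib
import random
# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1); the 20-byte
# digest is appended to it before EMSA-PKCS1-v1_5 padding is applied.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def _probable_prime(bits):
    """Random odd candidate checked with Miller-Rabin (demo-grade key generation)."""
    while True:
        n = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        d, r = n - 1, 0
        while d % 2 == 0:
            d, r = d // 2, r + 1
        for _ in range(16):
            x = pow(random.randrange(2, n - 1), d, n)
            if x in (1, n - 1):
                continue
            for _ in range(r - 1):
                x = pow(x, 2, n)
                if x == n - 1:
                    break
            else:
                break  # witness found: composite, try another candidate
        else:
            return n

def make_rsa_key(bits=512):
    """Textbook RSA (n, e, d) for the demonstration only; never use such a key for real signing."""
    e = 65537
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def sign_rsa_pkcs(key, digest_info):
    """CKM_RSA_PKCS / RSAPKCS1SignatureFormatter: pad a caller-supplied DigestInfo, then exponentiate."""
    n, _, d = key
    k = (n.bit_length() + 7) // 8
    em = b"\x00\x01" + b"\xff" * (k - len(digest_info) - 3) + b"\x00" + digest_info
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def sign_sha1_rsa_pkcs(key, data):
    """CKM_SHA1_RSA_PKCS: the token hashes the input itself, then does the above."""
    return sign_rsa_pkcs(key, SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest())

def compare_paths(key, data):
    """Returns (csp == token over the data, csp == token over the digest)."""
    digest = hashlib.sha1(data).digest()
    csp = sign_rsa_pkcs(key, SHA1_DIGESTINFO_PREFIX + digest)  # .NET formatter path
    return csp == sign_sha1_rsa_pkcs(key, data), csp == sign_sha1_rsa_pkcs(key, digest)
```

With a real token the equivalent fix is to pass the canonicalized SignedInfo bytes to CKM_SHA1_RSA_PKCS, or to pass the DigestInfo-wrapped hash to CKM_RSA_PKCS.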
You cannot extract the private key from a smart card; otherwise you could copy/duplicate the smart card, defeating its main purpose (unique and secure).
- You can use BouncyCastle, which has many useful cryptographic APIs.