Microsoft.Xades Open Source Dll Using PKCS11

Keywords: Using PKCS11 Dll Source Xades Open Microsoft | Updated: 2023-09-27 18:24:20

XAdES. I am stuck at one point, please help me. I am using the CSP to select the certificate from the store, but I don't want any user interaction; I just want to take the private key from the smart card [token] through a PKCS#11 wrapper and sign with it. I am using the Pkcs11Interop .NET wrapper. Below is the code I use to pull the certificate from the store:

    // Needs: using System.Security.Cryptography.X509Certificates; and using System.Windows.Forms; (MessageBox)
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    X509Certificate2Collection collection = store.Certificates;
    // Keep only the certificates that are valid right now
    X509Certificate2Collection fcollection =
        collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
    // Interactive picker: this is the user action the poster wants to get rid of
    X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection,
        "XAdES sample", "Choose a certificate", X509SelectionFlag.SingleSelection);
    if (scollection != null && scollection.Count == 1)
    {
        cert = scollection[0];
        // For a smart-card certificate the CSP reports HasPrivateKey == true although the key never leaves the card
        if (cert.HasPrivateKey == false)
        {
            MessageBox.Show("This certificate does not have a private key associated with it");
            cert = null;
        }
    }
    store.Close();

And the code I use to get the private key from the smart card is the following:

    // _pkcs11LibraryPath: path to the vendor's PKCS#11 module (declared elsewhere by the poster).
    // _pin is a placeholder added here: without C_Login the token does not list private-key objects,
    // so the search below would come back empty.
    using (Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false))
    {
        // Get library info
        LibraryInfo libraryInfo = pkcs11.GetInfo();
        // Get list of available slots
        List<Slot> slots = pkcs11.GetSlotList(false);
        // The "business" slot is index 2 on this token (hard-coded by the poster)
        Slot paciSlot = slots[2];
        // Open a read-only session (true = readOnly in Pkcs11Interop 3.x; false opens read/write)
        using (Session session = paciSlot.OpenSession(true))
        {
            session.Login(CKU.CKU_USER, _pin);
            // Search template: RSA private-key objects
            var objectAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)
            };
            session.FindObjectsInit(objectAttributes);
            List<ObjectHandle> oObjCollection = session.FindObjects(1);
            session.FindObjectsFinal();   // close the search; a second FindObjectsInit fails otherwise

            ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();   // invalid handle until one is found
            if (oObjCollection.Count > 0)
            {
                oPrivKeyObjectHandle = oObjCollection[0];
            }
            session.Logout();
        }
    }

So how can I use the private key on the smart card with the Microsoft.Xades dll?

Edit to the question: below is the source code that signs using the CSP

    this.BuildDigestedReferences();
    AsymmetricAlgorithm signingKey = this.SigningKey;  // certificate private key
    if (signingKey == null)
    {
        throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
    }
    // Default the signature method from the key type when the caller did not set one
    if (this.SignedInfo.SignatureMethod == null)
    {
        if (signingKey is DSA)
        {
            this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        else if (signingKey is RSA)
        {
            this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        else
        {
            throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
        }
    }
    // The SignatureDescription supplies the formatter (RSAPKCS1SignatureFormatter for rsa-sha1)
    SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
    if (description == null)
    {
        throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
    }
    // Digest of the canonicalized SignedInfo (SHA-1, matching the rsa-sha1 method; SHA-1 is deprecated for signatures)
    HashAlgorithm hash = new SHA1Managed();
    this.GetC14NDigest(hash, "ds");
    // PKCS#1 v1.5 signature over the digest: the formatter wraps it in DigestInfo before the RSA private-key operation
    this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);

and the one using the PKCS#11 library

    // _pkcs11LibraryPath and _pin as in the first snippet (_pin is a placeholder added here; C_Login is
    // required before the token lists private-key objects).
    using (Pkcs11 pkcs11 = new Pkcs11(_pkcs11LibraryPath, false))
    {
        // Get library info
        LibraryInfo libraryInfo = pkcs11.GetInfo();
        // Get list of available slots
        List<Slot> slots = pkcs11.GetSlotList(false);
        // The "business" slot is index 2 on this token (hard-coded by the poster)
        Slot paciSlot = slots[2];
        // Open a read-only session (true = readOnly in Pkcs11Interop 3.x)
        using (Session session = paciSlot.OpenSession(true))
        {
            session.Login(CKU.CKU_USER, _pin);
            // Search template: RSA private-key objects
            var objectAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)
            };
            session.FindObjectsInit(objectAttributes);
            List<ObjectHandle> oObjCollection = session.FindObjects(1);
            session.FindObjectsFinal();   // close the search before any further FindObjectsInit

            ObjectHandle oPrivKeyObjectHandle = new ObjectHandle();   // invalid handle until one is found
            if (oObjCollection.Count > 0)
            {
                oPrivKeyObjectHandle = oObjCollection[0];
            }
            // Specify signing mechanism.
            // NOTE: CKM_SHA1_RSA_PKCS hashes its input itself. If hashedata is an already computed SHA-1
            // digest it gets hashed a second time, so the output cannot match the CSP signature over the
            // same digest. Either hand CKM_SHA1_RSA_PKCS the canonicalized SignedInfo bytes, or hand
            // CKM_RSA_PKCS the DER DigestInfo followed by the digest.
            Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
            byte[] signature = session.Sign(mechanism, oPrivKeyObjectHandle, hashedata);
            session.Logout();
        }
    }

The signature produced with the CSP differs from the one produced with PKCS#11, even though I am using the same private key.

Thanks
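The two signatures differ because of what each side hands to RSA: the CSP path in the question signs DigestInfo || SHA-1(C14N(SignedInfo)) with PKCS#1 v1.5 padding, while CKM_SHA1_RSA_PKCS hashes whatever it is given, so feeding it an already computed digest hashes twice. PKCS#1 v1.5 signing is deterministic, so once the same bytes reach the token, the SignatureValue from the card is byte-for-byte what the CSP produces for that key. The C# below is an added example, not code from the question or from Microsoft.Xades: it wraps a Pkcs11Interop session in an RSA subclass that performs only the private-key step on the token (the key never leaves the card, which is all the accepted answer's point requires), so XadesSignedXml's existing SigningKey/ComputeSignature path runs unchanged. It assumes the Pkcs11Interop 3.x API shape used in the question, .NET Framework 4.6.2 or later (where RSAPKCS1SignatureFormatter calls RSA.SignHash on non-CSP keys; older frameworks call DecryptValue on a block they pad themselves, which is covered too), and a token that keeps the private key's CKA_MODULUS readable. Pkcs11RsaSigner, TokenSigning, FindPrivateKeyFor, SignWithToken, slotIndex and pin are names chosen for this example.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using Microsoft.Xades;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// RSA whose private-key operation runs on the token; only a digest or a padded block leaves the host.
// Added example: Pkcs11RsaSigner is a name chosen here, not a Microsoft.Xades or Pkcs11Interop type.
public sealed class Pkcs11RsaSigner : RSA
{
    // DER DigestInfo prefixes (RFC 8017, section 9.2, note 1) for SHA-1 and SHA-256.
    private static readonly byte[] Sha1Prefix =
        { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14 };
    private static readonly byte[] Sha256Prefix =
        { 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
    private readonly Session _session;
    private readonly ObjectHandle _key;

    public Pkcs11RsaSigner(Session session, ObjectHandle privateKey, int keySizeBits)
    {
        _session = session;
        _key = privateKey;
        KeySizeValue = keySizeBits; // backing field, so no LegalKeySizes validation; size comes from CKA_MODULUS
    }

    // .NET Framework 4.6.2+ / .NET Core: RSAPKCS1SignatureFormatter hands the bare digest to SignHash.
    public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    {
        if (padding != RSASignaturePadding.Pkcs1)
            throw new CryptographicException("Only PKCS#1 v1.5 signatures are implemented");
        byte[] prefix;
        if (hashAlgorithm == HashAlgorithmName.SHA1) prefix = Sha1Prefix;
        else if (hashAlgorithm == HashAlgorithmName.SHA256) prefix = Sha256Prefix;
        else throw new CryptographicException("Unsupported hash: " + hashAlgorithm.Name);
        // CKM_RSA_PKCS applies the 00 01 FF..FF 00 padding but does not hash, so it must be given
        // DigestInfo || digest. CKM_SHA1_RSA_PKCS would hash the digest again and never match the CSP.
        return _session.Sign(new Mechanism(CKM.CKM_RSA_PKCS), _key, prefix.Concat(hash).ToArray());
    }

    // Pre-4.6.2 formatters build the PKCS#1 block themselves and expect a raw RSA private operation.
    public override byte[] DecryptValue(byte[] rgb)
    {
        return _session.Sign(new Mechanism(CKM.CKM_RSA_X_509), _key, rgb);
    }

    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        throw new CryptographicException("The private key is not extractable from the token");
    }

    public override void ImportParameters(RSAParameters parameters) { throw new System.NotSupportedException(); }
}

public static class TokenSigning
{
    private static byte[] TrimLeadingZeros(byte[] b) { return b.SkipWhile(x => x == 0).ToArray(); }

    // Pick the private key whose CKA_MODULUS equals the certificate's public modulus instead of
    // blindly taking the first RSA key the token lists.
    public static ObjectHandle FindPrivateKeyFor(Session session, X509Certificate2 cert, out int keySizeBits)
    {
        byte[] wanted = TrimLeadingZeros(cert.GetRSAPublicKey().ExportParameters(false).Modulus);
        session.FindObjectsInit(new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
            new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)
        });
        List<ObjectHandle> keys = session.FindObjects(16);
        session.FindObjectsFinal(); // always close the search, otherwise the next FindObjectsInit fails
        foreach (ObjectHandle key in keys)
        {
            byte[] modulus = TrimLeadingZeros(
                session.GetAttributeValue(key, new List<CKA> { CKA.CKA_MODULUS })[0].GetValueAsByteArray());
            if (modulus.SequenceEqual(wanted)) { keySizeBits = modulus.Length * 8; return key; }
        }
        throw new CryptographicException("No private key on the token matches the certificate");
    }

    // End to end: Microsoft.Xades digests SignedInfo on the host, the token performs the RSA step.
    public static void SignWithToken(XadesSignedXml xades, X509Certificate2 cert,
                                     string pkcs11LibraryPath, int slotIndex, string pin)
    {
        using (Pkcs11 pkcs11 = new Pkcs11(pkcs11LibraryPath, false))
        {
            Slot slot = pkcs11.GetSlotList(true)[slotIndex]; // true: only slots with a token present
            using (Session session = slot.OpenSession(true)) // true: read-only session, enough for signing
            {
                session.Login(CKU.CKU_USER, pin); // private-key objects are not visible before C_Login
                try
                {
                    int bits;
                    ObjectHandle key = FindPrivateKeyFor(session, cert, out bits);
                    xades.SigningKey = new Pkcs11RsaSigner(session, key, bits);
                    xades.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url; // same method as the CSP path
                    xades.ComputeSignature();
                    // PKCS#1 v1.5 is deterministic: for the same key this is the value the CSP path yields.
                    if (!xades.CheckSignature(cert.GetRSAPublicKey()))
                        throw new CryptographicException("Token signature does not verify with the certificate");
                }
                finally { session.Logout(); }
            }
        }
    }
}
```

Matching on CKA_MODULUS rather than taking `slots[2]` and the first key found is what keeps the signature verifiable against the certificate embedded in KeyInfo; the CheckSignature call at the end is the cheap way to catch a wrong key, a wrong mechanism, or a double-hashed digest before the document leaves the process. The session has to stay open for as long as the Pkcs11RsaSigner is in use, since every SignHash call goes back to the token.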

Microsoft.Xades Open Source Dll Using PKCS11

You cannot extract the private key from a smart card; if you could, you could copy/clone the card, which would defeat its main purpose (being unique and secure).

- You can use BouncyCastle; it has a lot of useful crypto APIs.