When i try signing a document with CADES using a certificate from currentuserstore. I get this error. When i use this certificate in internet explorer a dialog shows to enter a password. I don't know how enter this password using chilkat. The lasterrorText obtained is:
DllDate: Aug 5 2012
UnlockPrefix: 30-day trial
Architecture: Little Endian; 32-bit
hcCurDate: Fri, 16 Nov 2012 21:05:32 +0100
SubjectDN: C=ES, SN=36137603A, Surname=ALCONADA, OID.184.108.40.206=ERNESTO, CN="ALCONADA GARCIA, ERNESTO (FIRMA)"
No private key seems to be available for signing (5)
Continuing anyway in case it's a hardware CSP...
Will use CryptoAPI for signing.
Cannot produce CAdES signatures when forced to use the MS-Crypto API because of inability to access the private key.
The certificate (PFX) must be installed with the private key marked as exportable.
There are two solutions:
1) Re-import the PFX containing the certificate and private key onto the system, but this time allow the private key to be exportable. This will allow the Chilkat internals to gain access to the private key material such that it can produce the CAdES signature.
2) Use the PFX directly, and in this case you'll need to provide the PFX password in the call to AddPfxSourceFile.
Hi, I've the same problem, but the certificate I use to sign is on a SmartCard, so it's impossible (?) to "1) Re-import the PFX..." or "2) Use the PFX directly...". How can I sign a document with CAdES using a SmartCard? Thanks
You cannot using Chilkat. When the private key is on a smartcard, Chilkat must use the underlying MS Crypto API (instead of it's own PKCS7 implementation) to do the signing. The Crypto API does not have CAdES capability. Therefore, the only choice is to use Chilkat's PKCS7 functionality.
Unfortunately, what Microsoft considers to be the "exporting" of the private key includes the act of accessing the private key in-memory. When Crypto-API does the same, Microsoft doesn't consider it to be "exporting" the private key.