Archived Forum Post


Question:

RSA Signature with Certificate's Private Key from Token (A3)

Aug 22 '12 at 11:10

OK, really good to sign a string with A1 certificate. http://www.example-code.com/delphi/rsa_signWithPfx.asp

But, in A3 certificates, I can't export a private key.

pkey := cert.ExportPrivateKey() As CHILKATCERTIFICATELib_TLB.IPrivateKey;

How do I do it with chilkatRSA? Thanks for your help.


Answer

I assume the A3 token is a hardware device? If so, then it's not possible to access the private key material directly. You wouldn't be able to use Chilkat RSA to create an RSA signature.

However, if you need to create a PKCS7 signature using a digital certificate on a MS Windows system w/ the A3 token, then you should be able to:

(1) Make sure the cert is installed in the Windows registry-based cert store. This is probably already true.

(2) Use ChilkatCrypt2 with CryptAlgorithm = "pki" to create a PKCS7 signature. Internally (on a Windows platform), if Chilkat finds the cert available but the private key is not exportable, then it uses the MS Crypto API to do the work. ("Exportable" means that the only code allowed to access and use the private key material is the Microsoft Crypto API -- even though it's simply an implementation of PKCS7 signatures just like Chilkat or other 3rd party vendors.)
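
The same delegation can be seen without Chilkat. The following PowerShell sketch is an added example, not part of the original answer and not Chilkat code: it uses the .NET `SignedCms` class in place of ChilkatCrypt2 to produce a detached PKCS7 signature with a certificate from the Windows store, so the private key is only ever used by the token's provider. The function name and the thumbprint placeholder are assumptions.

```powershell
# Added example: PKCS7 (CMS) signing through the Windows certificate store.
# The private key never leaves the token; Windows asks the token's provider to sign.
Add-Type -AssemblyName System.Security

function New-DetachedPkcs7Signature {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,   # thumbprint of the installed cert
        [Parameter(Mandatory)] [string] $Text          # string to sign
    )

    # Step (1) of the answer: the certificate must be in the Windows cert store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        throw "Certificate $Thumbprint not found in Cert:\CurrentUser\My"
    }
    # HasPrivateKey is true when the store entry is linked to a key container,
    # including a non-exportable key held on a hardware token.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate has no associated private key (token driver missing?)"
    }

    $bytes   = [System.Text.Encoding]::UTF8.GetBytes($Text)
    $content = [System.Security.Cryptography.Pkcs.ContentInfo]::new($bytes)

    # $true = detached signature (the signed content is not embedded).
    $cms    = [System.Security.Cryptography.Pkcs.SignedCms]::new($content, $true)
    $signer = [System.Security.Cryptography.Pkcs.CmsSigner]::new($cert)
    $signer.IncludeOption =
        [System.Security.Cryptography.X509Certificates.X509IncludeOption]::EndCertOnly

    # silent = $false allows the token's provider to show its PIN prompt.
    $cms.ComputeSignature($signer, $false)
    $encoded = $cms.Encode()

    # Self-check: decode and verify the signature value only (no chain building).
    $check = [System.Security.Cryptography.Pkcs.SignedCms]::new($content, $true)
    $check.Decode($encoded)
    $check.CheckSignature($true)   # throws if the signature does not verify

    [Convert]::ToBase64String($encoded)
}

# Usage (placeholder thumbprint, replace with the installed certificate's value):
# New-DetachedPkcs7Signature -Thumbprint '<CERT-THUMBPRINT>' -Text 'string to sign'
```

If the token is unplugged or its middleware is not installed, `ComputeSignature` fails with a cryptographic exception rather than falling back to any software key.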