Hi, I need to sign some file with an automatic batch. For one service I have a PFX file and so I can sign them. Now I have another service that it require to sign with a certificate that it is on a smart cart. The private key is not exportable and so I receive next error:
ChilkatLog: CreateP7M: DllDate: Mar 6 2015 ChilkatVersion: 126.96.36.199 UnlockPrefix: ### Username: ### Architecture: Little Endian; 32-bit Language: .NET 4.0 VerboseLogging: 0 inPath: C:###test.xml outPath: C:###test.xml.p7m createOpaqueSignature: A private key exists, but it is not exportable. Will use CryptoAPI for signing. Using Crypto API, therefore must load entire file into memory. msCryptoSignature: bDetached: 0 cert_def_provider: Bit4id Universal Middleware Provider hashAlgorithmName: sha256 hashAlgorithmOid: 2.16.8188.8.131.52.4.2.1 buildCertChain: startCertDN: ### Certificate signature verified. Certificate chain completed to root. Root (self-signed) certificate signature verified. --buildCertChain signingCert: ### includedCert: ### WindowsError: Si verificato un errore interno. (Internal error) WindowsErrorCode: 0x80090020 --msCryptoSignature --createOpaqueSignature Failed. --CreateP7M --ChilkatLogMy code is similar to:
Dim inFile As String = "C:###test.xml" Dim outFile As String = "C:###test.p7m.xml"What can I do?
Dim crypt As New Chilkat.Crypt2 crypt.UnlockComponent("####")
Dim cert As New Chilkat.Cert cert.LoadByCommonName("#####")
Dim csp As New Chilkat.Csp csp.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" csp.SetHashAlgorithm("sha256") crypt.SetCSP(csp)
If Not crypt.SetSigningCert(cert) Then Throw New Exception(crypt.LastErrorText) Else If Not crypt.CreateP7M(inFile, outFile) Then Throw New Exception(crypt.LastErrorText) Else MessageBox.Show("Success") End If End If
Try omitting all use of Chilkat.Csp. The Chilkat.Csp object really shouldn't be needed, and it's likely that setting specific values in it are the cause of the trouble.
I try your solution and it doesn't throw error. The procedure creates file p7m but it sign with sha1 algorithm. I need to sign with sha256. Next step is remove the pin request. I tried to use SetSecretKeyViaPassword but pin popup still appeared. Wath function should I use?
I don't think either of these issues can be resolved w/ Chilkat. Chilkat is simply using the CSP indirectly via the Microsoft CryptoAPI, and it may be that the CSP does not support SHA256. Also, the pin request is something controlled by the hardware/CSP/operating system and is not something that Chilkat can suppress.
Ok , I will try in the Microsoft documentation.
Could you be using a SmartCard certificate that doesn't support the provider you specified? See https://support.microsoft.com/en-us/kb/2003319 for more info.