Archived Forum Post

Question:

Sign with SmartCard

May 28 '15 at 02:18

Hi, I need to sign some files with an automatic batch. For one service I have a PFX file, so I can sign them. Now I have another service that requires signing with a certificate that is on a smart card. The private key is not exportable, so I receive the following error:

ChilkatLog:
  CreateP7M:
    DllDate: Mar  6 2015
    ChilkatVersion: 9.5.0.48
    UnlockPrefix: ###
    Username: ###
    Architecture: Little Endian; 32-bit
    Language: .NET 4.0
    VerboseLogging: 0
    inPath: C:###test.xml
    outPath: C:###test.xml.p7m
    createOpaqueSignature:
      A private key exists, but it is not exportable.  Will use CryptoAPI for signing.
      Using Crypto API, therefore must load entire file into memory.
      msCryptoSignature:
        bDetached: 0
        cert_def_provider: Bit4id Universal Middleware Provider
        hashAlgorithmName: sha256
        hashAlgorithmOid: 2.16.840.1.101.3.4.2.1
        buildCertChain:
          startCertDN: ###
          Certificate signature verified.
          Certificate chain completed to root.
          Root (self-signed) certificate signature verified.
        --buildCertChain
        signingCert: ###
        includedCert: ###
        WindowsError: Si è verificato un errore interno. (Internal error)
        WindowsErrorCode: 0x80090020
      --msCryptoSignature
    --createOpaqueSignature
    Failed.
  --CreateP7M
--ChilkatLog

My code is similar to:

Dim inFile As String = "C:###test.xml"
Dim outFile As String = "C:###test.p7m.xml"

Dim crypt As New Chilkat.Crypt2
crypt.UnlockComponent("####")

Dim cert As New Chilkat.Cert
cert.LoadByCommonName("#####")

Dim csp As New Chilkat.Csp
csp.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"
csp.SetHashAlgorithm("sha256")
crypt.SetCSP(csp)

If Not crypt.SetSigningCert(cert) Then
    Throw New Exception(crypt.LastErrorText)
Else
    If Not crypt.CreateP7M(inFile, outFile) Then
        Throw New Exception(crypt.LastErrorText)
    Else
        MessageBox.Show("Success")
    End If
End If

What can I do?


Answer

Try omitting all use of Chilkat.Csp. The Chilkat.Csp object really shouldn't be needed, and it's likely that setting specific values in it is the cause of the trouble.


Answer

I tried your solution and it doesn't throw an error. The procedure creates the p7m file, but it signs with the sha1 algorithm. I need to sign with sha256. The next step is to remove the PIN request. I tried to use SetSecretKeyViaPassword, but the PIN popup still appeared. What function should I use?
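
To check which digest a produced .p7m actually declares (the sha1 versus sha256 question in the post above), the following added example, which is not part of the original thread and is not Chilkat code, reads the top-level SignedData.digestAlgorithms set. It assumes definite-length DER input; the function names and the sample bytes are constructed for illustration.

```python
DIGEST_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SIGNED_DATA_OID = "1.2.840.113549.1.7.2"
# Added example. Constructed samples, not real signatures: no content, no signers.
_TAIL = "0500300b06092a864886f70d0107013100"
SAMPLE_SHA256 = bytes.fromhex("303206092a864886f70d010702a0253023020101"
                              "310f300d0609608648016503040201" + _TAIL)
SAMPLE_SHA1 = bytes.fromhex("302e06092a864886f70d010702a021301f020101"
                            "310b300906052b0e03021a" + _TAIL)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated or indefinite-length (BER) element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the input")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal text."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs, value = arcs + [value], 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def digest_algorithms(der):
    """Return digest names (or raw OIDs) from SignedData.digestAlgorithms."""
    _, pos, _ = read_tlv(der, 0)                  # ContentInfo SEQUENCE
    tag, s, e = read_tlv(der, pos)                # contentType OID
    if tag != 0x06 or decode_oid(der[s:e]) != SIGNED_DATA_OID:
        raise ValueError("not a CMS SignedData ContentInfo")
    _, pos, _ = read_tlv(der, e)                  # [0] EXPLICIT wrapper
    _, pos, _ = read_tlv(der, pos)                # SignedData SEQUENCE
    _, _, e = read_tlv(der, pos)                  # version INTEGER
    tag, pos, set_end = read_tlv(der, e)          # digestAlgorithms SET
    if tag != 0x31:
        raise ValueError("digestAlgorithms SET not found")
    names = []
    while pos < set_end:
        _, s, pos = read_tlv(der, pos)            # AlgorithmIdentifier
        _, s, e = read_tlv(der, s)                # algorithm OID
        oid = decode_oid(der[s:e])
        names.append(DIGEST_OIDS.get(oid, oid))
    return names
```

For a real file, pass the bytes read from disk in binary mode to `digest_algorithms`; a base64-wrapped or BER-encoded .p7m has to be converted to DER first.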


Answer

I don't think either of these issues can be resolved with Chilkat. Chilkat is simply using the CSP indirectly via the Microsoft CryptoAPI, and it may be that the CSP does not support SHA256. Also, the PIN request is something controlled by the hardware/CSP/operating system and is not something that Chilkat can suppress.


Answer

Ok, I will look in the Microsoft documentation.


Answer

Could you be using a SmartCard certificate that doesn't support the provider you specified? See https://support.microsoft.com/en-us/kb/2003319 for more info.

Dan