c# - X509Certificate2 访问私钥到安全 token

Question

我必须使用存储在安全 token 中的证书。我可以从 Windows 证书存储区访问它，但该设备有密码，因此会显示一个带有输入字段的弹出窗口。

这是我用来加载证书的代码:

static X509Certificate2 BuscarCertificado
    (StoreLocation location, StoreName name, 
    X509FindType findType, string findValue)
{
    X509Store store = new X509Store(name, location);
    try{
        store.Open(OpenFlags.ReadOnly);

        X509Certificate2Collection col = store.Certificates.Find
            (findType, findValue, true);

        return col[0];
    }
    finally { store.Close(); }
}

该设备是 ACS CryptoMate64 0。

是否可以在代码中发送密码以不显示此消息？

感谢您的帮助

Answer 1

我没有 ACS CryptoMate64 0。但此代码适用于 Siemens CardOS v4.3B(驱动程序 CardOS API v5.2 build 15)。您将必须检查它是否也适合您。

using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

namespace SignWithToken
{
    class Program
    {
        static void Main(string[] args)
        {
            // ------ select certificate for signing ---------
            // open store
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.MaxAllowed);

            // find cert by thumbprint
            var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, "44 df b8 96 73 55 e4 e2 56 3a c0 a2 e0 66 8e 52 8a 3a 4a f4", true);

            if (foundCerts.Count == 0)
                return;

            var certForSigning = foundCerts[0];
            store.Close();

            // -------- prepare private key with password --------
            // prepare password
            var pass = new SecureString();
            for(var i=0;i<8;i++)
                pass.AppendChar('1');

            // take private key
            var privateKey = certForSigning.PrivateKey as RSACryptoServiceProvider;

            // make new CSP parameters based on parameters from current private key but throw in password
            CspParameters cspParameters = new CspParameters(privateKey.CspKeyContainerInfo.ProviderType,
                privateKey.CspKeyContainerInfo.ProviderName,
                privateKey.CspKeyContainerInfo.KeyContainerName,
                null,
                pass);

            // make RSA crypto provider based on given CSP parameters
            var rsaCsp = new RSACryptoServiceProvider(cspParameters);

            // set modified RSA crypto provider back
            certForSigning.PrivateKey = rsaCsp;

            // ---- Sign -----
            // prepare content to be signed
            ContentInfo content = new ContentInfo(new byte[] {0x01, 0x02, 0x03});
            SignedCms cms = new SignedCms(content);

            // prepare CMS signer 
            CmsSigner signer = new CmsSigner(certForSigning);

            // sign to PKCS#7
            cms.ComputeSignature(signer);

            // get encoded PKCS#7 value
            var result = cms.Encode();

            // ------ Verify signature ------
            SignedCms cmsToVerify = new SignedCms();
            // decode signed PKCS#7
            cmsToVerify.Decode(result);

            // check signature of PKCS#7
            cmsToVerify.CheckSignature(true);
        }
    }
}