如何确保我从我的SmartCard存取凭证,而不是在c#中建立我的个人凭证存放区? 和如何让我的RSACryptoProvider利用我的智能卡证书私钥?
How can I ensure to I am accesing the Certificates from my SmartCard and not form my personal certificate store in c#? and How can I make my RSACryptoProvider to utilize my smart card certificate private key?
感谢
Wally
推荐答案有时候,特别是如果你没有在智能卡上使用默认密钥容器名不会复制到本地证书存储。解决方案是使用crypto api通过KP_CERTIFICATE访问密钥,从检索的数据构造证书,并为其分配一个使用您自己的密钥容器名称构造的新RSACryptoServiceProvider。
Sometimes, especially if you are not using default key container name on the smart card (recommended by Microsoft), certificates are not copied to local certificate store. The solution is to use crypto api to access the key with KP_CERTIFICATE, construct certificate from the retrieved data, and assign it a new RSACryptoServiceProvider constructed using your own key container name.
伪C#代码如下:
int reti = CryptoApi.CryptGetUserKey(_hprovider, keytype, ref userKey); if (reti) { reti =CryptoApi.CryptGetKeyParam(_userKey, KP_CERTIFICATE, ref pbdata, ref pwddatalen, 0); } if (reti || pwddatalen>0) { byte[] data = new byte[pwddatalen]; ret = CryptoApi.CryptGetKeyParam(_userKey, KP_CERTIFICATE, data, ref pwddatalen, 0); if (ret) { X509Certificate2 c = new X509Certificate2(data); X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, c.Thumbprint, validonly); store.Close(); if (col.Count != 1) { //not found in store - CSP didn't copy it c.PrivateKey = PrivateKey(keytype); return c; } else { return col[0]; } } } private RSACryptoServiceProvider PrivateKey (KeyType keytype) { CspParameters csparms = new CspParameters(); csparms.KeyContainerName = _containerName; csparms.ProviderName = _provider; csparms.ProviderType = 1; csparms.Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey; csparms.KeyNumber = (int)keytype; return new RSACryptoServiceProvider(csparms); }更多推荐
来自SmartCard的证书在C#
发布评论