Selecting Smartcard Hash Algorithm

Question:

I tried to produce a P7S file with the hash algorithm SHA-512, but the code always produces a signature with an SHA-1 hash for the data. If I select MD5 as the hash algorithm, it works fine. I’m using a Smartcard (D-Trust with Siemens Card OS 4.3), a ReinerSCT card reader and, as Smartcard CSP, Nexus Personal 4.10.1.

Here’s my C# code:

            Chilkat.Crypt2 crypt = new Chilkat.Crypt2();
 
            //  Any string argument automatically begins the 30-day trial.
            bool success;
            success = crypt.UnlockComponent("30-day trial");
            if (success != true)
            {
                System.Console.WriteLine("Crypt component unlock failed");
                System.Console.ReadLine();
                return;
            }
 
            Chilkat.CertStore store = new Chilkat.CertStore();
            store.OpenCurrentUserStore(true);
            for (int i = 0; i < store.NumCertificates; i++)
            {
                System.Console.WriteLine(store.GetCertificate(i).SerialNumber);
            }
            Chilkat.Cert cert = store.FindCertBySerial("FFFFFF");
            if (cert == null)
            {
                System.Console.WriteLine("not found");
                System.Console.ReadLine();
                return;
            }
 
            //  Make sure this certificate has a private key available:
            bool bHasPrivateKey;
            bHasPrivateKey = cert.HasPrivateKey();
            if (bHasPrivateKey != true)
            {
                System.Console.WriteLine("No private key available for signing.");
                System.Console.ReadLine();
                return;
            }
 
            Chilkat.Csp csp = new Chilkat.Csp();
            System.Console.WriteLine(csp.SetProviderMicrosoftRsaAes());
            System.Console.WriteLine(csp.ProviderName);
 
            for (int i = 0; i < csp.NumHashAlgorithms; i++)
            {
                System.Console.WriteLine(csp.GetHashAlgorithm(i));
            }
 
            System.Console.WriteLine(csp.SetHashAlgorithm("SHA-512"));
 
            //  Tell the crypt component to use this cert and this CSP.
            crypt.SetSigningCert(cert);
            System.Console.WriteLine(crypt.SetCSP(csp));
            System.Console.WriteLine(crypt.CreateP7S(@"test.txt", @"test.txt.p7s"));
            System.Console.ReadLine();

Answer:

If you wish to use the Smartcard, you need to first find the name of the CSP for that Smartcard. Then select it by setting the csp.ProviderName property equal to it. It must be exact. Then list the hash algorithms as you did before, like this:

            for (int i = 0; i < csp.NumHashAlgorithms; i++)
            {
                System.Console.WriteLine(csp.GetHashAlgorithm(i));
            }

This will show which hash algorithms are supported by your Smartcard. Finally, select the hash algorithm by calling csp.SetHashAlgorithm. (P.S. The code to list the hash algorithms may be removed once you determine which algorithms are supported by your smartcard.)
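The steps in the answer put together, as an added example that is not part of the original post or Chilkat's own code. It goes one step beyond the answer by reading the finished signature back with .NET's `SignedCms` and refusing any digest other than SHA-512, so a fallback to SHA-1 is caught. `CardCspName` is a placeholder for the CSP name registered for your card, and a reference to the `System.Security.Cryptography.Pkcs` classes is assumed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.Pkcs;

class SignWithCardCsp
{
    const string Sha512Oid = "2.16.840.1.101.3.4.2.3";               // id-sha512
    const string CardCspName = "<exact CSP name of your smartcard>"; // placeholder

    static int Main()
    {
        var crypt = new Chilkat.Crypt2();
        if (!crypt.UnlockComponent("30-day trial")) return Fail("unlock failed");

        var store = new Chilkat.CertStore();
        store.OpenCurrentUserStore(true);
        Chilkat.Cert cert = store.FindCertBySerial("FFFFFF"); // serial from the question
        if (cert == null || !cert.HasPrivateKey()) return Fail("no usable signing cert");

        // Select the card's own CSP instead of SetProviderMicrosoftRsaAes().
        var csp = new Chilkat.Csp();
        csp.ProviderName = CardCspName;
        for (int i = 0; i < csp.NumHashAlgorithms; i++)
            Console.WriteLine(csp.GetHashAlgorithm(i));

        // Stop here rather than let signing continue with a weaker hash.
        if (!csp.SetHashAlgorithm("SHA-512"))
            return Fail("SHA-512 not offered by " + csp.ProviderName);

        crypt.SetSigningCert(cert);
        if (!crypt.SetCSP(csp) || !crypt.CreateP7S("test.txt", "test.txt.p7s"))
            return Fail(crypt.LastErrorText);

        // Read the detached signature back and check the digest it really carries.
        var cms = new SignedCms(new ContentInfo(File.ReadAllBytes("test.txt")), true);
        cms.Decode(File.ReadAllBytes("test.txt.p7s"));
        foreach (SignerInfo signer in cms.SignerInfos)
            if (signer.DigestAlgorithm.Value != Sha512Oid)
                return Fail("signature uses digest OID " + signer.DigestAlgorithm.Value);

        cms.CheckSignature(true); // throws if the signature does not verify
        Console.WriteLine("SHA-512 signature written and verified");
        return 0;
    }

    static int Fail(string why) { Console.Error.WriteLine(why); return 1; }
}
```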
