Certificate and PrivateKey with NCryptoki

12/4/2014 10:11:19 AM

Certificate and PrivateKey with NCryptoki

Hi,

I need to get X509Certificate2 from smart card by using NCryptoki. I'll use this certificate in my WCF client application to create WS-Security.

I'm getting certificate as: STEP-1

            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));
            CryptokiCollection object2 = session.Objects.Find(template, 2);
            if (object2.Count > 0)
            {
                Cryptware.NCryptoki.X509Certificate NCryptokiCertificate = (Cryptware.NCryptoki.X509Certificate)object2[0];
                var cert = Cryptware.NCryptoki.Utils.ConvertCertificate(NCryptokiCertificate);
            }

But private key of this certificate is null - as expected, because it's not exportable / extractable.

Also I can get private key with following code: STEP-2

            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "LABELNAME"));

            CryptokiCollection objects = session.Objects.Find(template, 10);
            if (objects.Count > 0)
            {
                RSAPrivateKey privateKey = (RSAPrivateKey)objects[objects.Count - 1];
            }


So my question is that how can I set this RSAPrivateKey privateKey to certificate's private key which I already get in STEP-1?

cert.PrivateKey = privateKey   ???

Is there any conversion for these types (RSAPrivateKey to AsymmetricAlgorithm) ? Or it's impossible?

Any help would be much appreciated. Thanks...


12/16/2014 11:42:08 AM
Ugo Chirico http://www.ugochirico.com

Re: Certificate and PrivateKey with NCryptoki

You cannot read the content of a private key from the card if it is set as not exportable / extractable.

This isn't a limitation of NCryptoki. This is the normal behavior of a PKCS#11 module/token.

The PrivateKey object you got with your code is a handler to the PrivateKey in the smart card. It has the properties of the PrivateKey but not the content. If you try to read the content (I mean modulus, private exponent etc.) you get an error because you cannot read it.


12/31/2014 10:07:25 AM

Re: Certificate and PrivateKey with NCryptoki

Thanks for the answer. I'm trying to create a SOAP message and sign it by using NCryptoki as an XML signature. I saw a topic on http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&mid=22&ItemID=1&thread=164 that is about nearly the same things that I need to do.

I have already done;

1) calculate the digest value and reference back to both fields (body and timestamp) in the SignedInfo. OK
2) get the hash SHA256 value of the SignedInfo element. OK
3) calculate the DigestInfo using the hash at item 2), specifying as digest algo SHA256 ?????? NOK

Also you describe DigestInfo as 

DigestInfo ::= SEQUENCE {
digestAlgorithm DigestAlgorithmIdentifier,
digest Digest
}
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
Digest ::= OCTET STRING 


But I don't know how to create/calculate DigestInfo by using C#. Is there any library that I have to use?? OR is there any example C# code for this?

Any help would be much appreciated. Thanks...
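The DigestInfo structure quoted in the post above is plain DER and needs no extra library: it is the SHA-256 AlgorithmIdentifier followed by the 32-byte hash as an OCTET STRING, wrapped in a SEQUENCE. The following C# is an added example (not code from the thread, from NCryptoki or from its author) using only the .NET base class library; the class and method names, and the sample SignedInfo bytes, are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example: builds the DER-encoded DigestInfo that a PKCS#1 v1.5
// RSA signature is computed over. Not part of NCryptoki; BCL only.
public static class DigestInfoBuilder
{
    // Content octets of OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 (id-sha256).
    private static readonly byte[] Sha256OidContent =
        { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };

    // Wraps 'content' in a DER tag-length-value triple (short and long length forms).
    private static byte[] Tlv(byte tag, byte[] content)
    {
        byte[] length;
        if (content.Length < 0x80)
            length = new[] { (byte)content.Length };
        else if (content.Length < 0x100)
            length = new[] { (byte)0x81, (byte)content.Length };
        else
            length = new[] { (byte)0x82, (byte)(content.Length >> 8), (byte)(content.Length & 0xFF) };
        return new[] { tag }.Concat(length).Concat(content).ToArray();
    }

    // DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
    // AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters NULL }
    public static byte[] BuildSha256DigestInfo(byte[] sha256Hash)
    {
        if (sha256Hash == null || sha256Hash.Length != 32)
            throw new ArgumentException("expected a 32-byte SHA-256 hash", nameof(sha256Hash));

        byte[] algorithmIdentifier = Tlv(0x30,
            Tlv(0x06, Sha256OidContent).Concat(Tlv(0x05, new byte[0])).ToArray());
        byte[] digest = Tlv(0x04, sha256Hash);
        return Tlv(0x30, algorithmIdentifier.Concat(digest).ToArray());
    }

    // Step 2 and step 3 of the post in one call: hash the canonicalized
    // SignedInfo bytes and wrap the hash in DigestInfo.
    public static byte[] DigestInfoFor(byte[] canonicalSignedInfo)
    {
        using (var sha = SHA256.Create())
            return BuildSha256DigestInfo(sha.ComputeHash(canonicalSignedInfo));
    }

    // Sanity check: for SHA-256 the encoding always starts with this fixed
    // 19-byte prefix (30 31 30 0d 06 09 <oid> 05 00 04 20) before the hash.
    public static bool HasExpectedSha256Prefix(byte[] digestInfo)
    {
        byte[] prefix = { 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                          0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
        return digestInfo.Length == 51 && digestInfo.Take(19).SequenceEqual(prefix);
    }

    public static void Main()
    {
        // Constructed sample standing in for the canonicalized <SignedInfo> element.
        byte[] signedInfo = System.Text.Encoding.UTF8.GetBytes("<SignedInfo>sample</SignedInfo>");
        byte[] digestInfo = DigestInfoFor(signedInfo);
        Console.WriteLine(BitConverter.ToString(digestInfo));
        Console.WriteLine("prefix ok: " + HasExpectedSha256Prefix(digestInfo));
    }
}
```

The resulting 51 bytes are what is handed to the token's raw PKCS#1 v1.5 RSA signing operation (PKCS#11 mechanism CKM_RSA_PKCS): the card applies the 00 01 FF..FF 00 padding and the private-key exponentiation itself, so the private key never has to leave the token, which is exactly why the RSAPrivateKey handle from STEP-2 cannot be assigned to X509Certificate2.PrivateKey. The fixed 19-byte prefix check is a convenient way to confirm the encoding before spending a signature on the card.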