Hello Valerio, you have already seen my answer to a similar SO question [0]. If you are not sure where to start you can for example try to follow these steps:
Step 1 - Get familiar with RFC 5652 [1], which describes the CMS structure.
Step 2 - Download the source code of the Bouncy Castle library [2].
Step 3 - Step through the Bouncy Castle source code with your debugger attached and identify the places where the decryption with the private key is performed.
Step 4 - Replace the identified decryption code with your code that utilizes the smartcard.
Step 5 - Think about what you have done and find a more elegant solution.
Step 6 - Repeat step 5 until you are happy with your code (it may take several iterations until you understand the lower APIs and are able to produce a solution that does not require modification of Bouncy Castle internals).
Step 7 - Share your code with the rest of the Bouncy Castle users.

Regards, Jaroslav

[0] http://stackoverflow.com/a/29562921/3325704
[1] http://tools.ietf.org/rfc/rfc5652.txt
[2] https://github.com/bcgit/bc-csharp

On Fri, Apr 10, 2015 at 10:05 AM, Valerio Borsò <vbo...@gmail.com> wrote:
> I'm using *BouncyCastle* to manage the Encrypt function of my project. I
> managed to use *CMS* for encrypt and decrypt where both keys are
> stored in my file system (a .cert and a .p12).
>
> These are the two functions I'm actually using:
>
> private static byte[] CmsEncrypt(byte[] message)
> {
>     var envelopGenerator = new CmsEnvelopedDataGenerator();
>     // Dispose the stream once the recipient certificate has been parsed.
>     using (var certificateStream = new FileStream("Test.cer", FileMode.Open, FileAccess.Read))
>     {
>         var cert = new X509CertificateParser().ReadCertificate(certificateStream);
>         envelopGenerator.AddKeyTransRecipient(cert);
>     }
>     return envelopGenerator
>         .Generate(new CmsProcessableByteArray(message), CmsEnvelopedGenerator.DesEde3Cbc)
>         .GetEncoded();
> }
>
> private static byte[] CmsDecrypt(byte[] encrypted, AsymmetricKeyParameter key, X509Certificate cert)
> {
>     // Select the recipient by issuer and serial number, then decrypt with the private key.
>     return new CmsEnvelopedData(encrypted).GetRecipientInfos().GetFirstRecipient(new RecipientID()
>     {
>         SerialNumber = cert.SerialNumber,
>         Issuer = cert.IssuerDN
>     }).GetContent(key);
> }
>
> Now I have to take a step forward. The private key must be on a smartcard,
> but I can't really figure out how to use *CMS* in this scenario.
>
> I can initialize the card and decrypt a simple message (using standard
> *pkcs11*, I found a good wrapper for C#) but I can't find any clue how to
> do *CMS* decryption with a smartcard.
>
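Steps 3 and 4 above in code form, as an added example that is not part of the original thread or of Bouncy Castle itself: it walks the RFC 5652 structure with Bouncy Castle's ASN.1 classes so that only the wrapped content-encryption key is sent to the card. `CmsCardDecrypt` and the `unwrapOnCard` callback are hypothetical names; the callback stands in for the PKCS#11 wrapper's RSA decrypt call, and the code assumes a Bouncy Castle C# version in which `AlgorithmIdentifier` exposes `Algorithm`.

```csharp
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

public static class CmsCardDecrypt
{
    // unwrapOnCard is a hypothetical callback supplied by the caller. It performs the
    // RSA PKCS#1 v1.5 private-key decryption on the token (PKCS#11 C_Decrypt with
    // CKM_RSA_PKCS) and returns the content-encryption key (CEK).
    public static byte[] Decrypt(byte[] cms, Func<byte[], byte[]> unwrapOnCard)
    {
        // RFC 5652: ContentInfo -> EnvelopedData { recipientInfos, encryptedContentInfo }
        ContentInfo contentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(cms));
        EnvelopedData enveloped = EnvelopedData.GetInstance(contentInfo.Content);

        // Assumption: a single key-transport recipient, as AddKeyTransRecipient produces.
        RecipientInfo recipient = RecipientInfo.GetInstance(enveloped.RecipientInfos[0]);
        KeyTransRecipientInfo ktri = recipient.Info as KeyTransRecipientInfo;
        if (ktri == null)
            throw new NotSupportedException("Recipient is not KeyTransRecipientInfo");
        if (!ktri.KeyEncryptionAlgorithm.Algorithm.Equals(
                Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.RsaEncryption))
            throw new NotSupportedException("Key is not wrapped with RSA PKCS#1 v1.5");

        // The only private-key operation in the whole message: unwrap the CEK.
        byte[] cek = unwrapOnCard(ktri.EncryptedKey.GetOctets());
        try
        {
            EncryptedContentInfo eci = enveloped.EncryptedContentInfo;
            AlgorithmIdentifier alg = eci.ContentEncryptionAlgorithm;
            // Assumption: a CBC algorithm whose parameters are the IV as an OCTET STRING
            // (true for DesEde3Cbc used above and for AES-CBC).
            byte[] iv = Asn1OctetString.GetInstance(alg.Parameters).GetOctets();
            KeyParameter key = ParameterUtilities.CreateKeyParameter(alg.Algorithm, cek);
            IBufferedCipher cipher = CipherUtilities.GetCipher(alg.Algorithm);
            cipher.Init(false, new ParametersWithIV(key, iv));
            return cipher.DoFinal(eci.EncryptedContent.GetOctets());
        }
        finally
        {
            Array.Clear(cek, 0, cek.Length); // do not leave the CEK in memory
        }
    }
}
```

The bulk content is decrypted on the host with the symmetric key; the card only ever sees the short `encryptedKey` field, so the private key never leaves the token.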