Not that I've been able to see - although it is always possible that I'm just 
missing something.

I can gain indirect access to the device using CspParameters to reference the 
Luna Cryptographic Service Provider.  This essentially gives me a handle I can 
use for signing/verifying etc.  As an example, the following works fine:

      // Needs: System.Text, System.Diagnostics, System.Security.Cryptography
      CspParameters csp = new CspParameters(1, "Luna Cryptographic Services for Microsoft Windows");
      csp.KeyContainerName = "containerName";

      using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp))
      {
          string originalString = "test";
          byte[] originalData = Encoding.UTF8.GetBytes(originalString);

          byte[] signedData = rsa.SignData(originalData, new SHA1CryptoServiceProvider());

          bool isValid = rsa.VerifyData(originalData, new SHA1CryptoServiceProvider(), signedData);

          Debug.Assert(isValid);
      }

I've tried to use the .NET CmsSigner overload that accepts CspParameters as an 
overload (instead of passing a certificate reference):

      static public byte[] SignContent(Byte[] content, CspParameters cspParameters, bool detached)
      {
          ContentInfo contentInfo = new ContentInfo(content);
          SignedCms signedCms = new SignedCms(contentInfo, detached);
          CmsSigner cmsSigner = new CmsSigner(cspParameters);

          signedCms.ComputeSignature(cmsSigner, false);

          return signedCms.Encode();
      }

But when I do, I run into a "Bad Key" exception:

        Exception:
                System.Security.Cryptography.CryptographicException

        Message:
                Bad Key.

        Stack Trace:
                at System.Security.Cryptography.Pkcs.PkcsUtils.CreateDummyCertificate(CspParameters parameters)
                at System.Security.Cryptography.Pkcs.CmsSigner..ctor(CspParameters parameters)
                at ConsoleApplication5.Program.SignContent(Byte[] content, CspParameters cspParameters, Boolean detached) in C:\dev\ConsoleApplication5\Program.cs:line 193
                at ConsoleApplication5.Program.Main(String[] args)
                at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
                at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
                at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
                at System.Threading.ThreadHelper.ThreadStart()

This makes it seem like there is something unsupported in the way I'm trying to 
call it.  I've dug into the issue further by making the CAPI calls directly, 
and I've narrowed the issue down to the point in the internal .NET 
'CreateDummyCertificate' method where the call to the CAPI method 
'CertCreateSelfSignCertificate' is made (which is where the 'Bad Key' exception 
occurs).

Given that others have gotten this to work on Java, I know the device supports 
this type of use-case, and I know it's not an issue with iText/iTextSharp.  So 
at this point, I'm just trying to figure out the missing pieces with how it 
should be implemented in .NET.

Mike

-----Original Message-----
From: Paulo Soares [mailto:[email protected]]
Sent: Friday, September 24, 2010 7:28 AM
To: Post all your questions about iText here
Subject: Re: [iText-questions] Luna SA (HSM) Integration with iTextSharp

The example http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp2 
should be able to sign with anything present in the windows certificate store, 
including smartcards. Doesn't the Luna also appear in the certificate store?

Paulo
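
Whether a Luna-backed key is visible through the certificate store can be checked in code. The following is an added example, not code from this thread or from iTextSharp: it searches the CurrentUser\My store for a certificate whose private key is held by the Luna CSP and signs with CmsSigner(X509Certificate2), a constructor that does not go through the CreateDummyCertificate call seen in the stack trace. It assumes a certificate has already been associated with the HSM key container; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class LunaStoreSigner   // hypothetical helper, not part of iTextSharp
{
    // Provider name as quoted in the thread.
    const string LunaProvider = "Luna Cryptographic Services for Microsoft Windows";

    // Returns the first certificate in CurrentUser\My whose private key
    // is served by the Luna CSP, or null when none is bound to it.
    public static X509Certificate2 FindLunaCertificate()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.HasPrivateKey) continue;
                try
                {
                    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                    if (rsa != null && rsa.CspKeyContainerInfo.ProviderName == LunaProvider)
                        return cert;
                }
                catch (CryptographicException)
                {
                    // Key container not reachable (device offline, wrong slot): skip it.
                }
            }
            return null;
        }
        finally { store.Close(); }
    }

    // Same shape as SignContent in the thread, but keyed by certificate.
    public static byte[] SignContent(byte[] content, X509Certificate2 cert, bool detached)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        SignedCms signedCms = new SignedCms(new ContentInfo(content), detached);
        CmsSigner signer = new CmsSigner(cert);
        signedCms.ComputeSignature(signer, false);   // private-key operation is delegated to the CSP
        return signedCms.Encode();
    }
}
```

A null result from FindLunaCertificate means no certificate in that store is linked to a key container on the Luna provider.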

-----Original Message-----
From: Mike Chynoweth [mailto:[email protected]]
Sent: Friday, September 24, 2010 12:18 PM
To: Post all your questions about iText here
Subject: Re: [iText-questions] Luna SA (HSM) Integration with iTextSharp

Thanks for the responses - I appreciate the help.  I've been able to apply 
local certificates without an issue, but the difficulty I've been having is 
with how to fit the Luna SA (HSM) piece into the puzzle.  I've seen some great 
resources and examples out there for doing this in Java, but I haven't found 
how to do this in C#.

I've done a lot of experimentation with the built-in .NET classes as well as 
taking a more direct approach and working directly with CAPI, etc.  
Unfortunately, I still seem to be missing something with how the whole process 
should work in a .NET (C#) environment.

Any further guidance that can be offered would be greatly appreciated.   Thanks.

Mike

-----Original Message-----
From: msinatl [mailto:[email protected]]
Sent: Thursday, September 23, 2010 1:16 PM
To: [email protected]
Subject: Re: [iText-questions] Luna SA (HSM) Integration with iTextSharp


Hi Mike,

Here is another example:
http://geekcredential.wordpress.com/2010/09/13/signing-a-pdf-with-itext-and-a-luna-hsm/

Thanks to Cristophe; I borrowed his solution for building the certificate chain.
--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Luna-SA-HSM-Integration-with-iTextSharp-tp2552278p2552414.html
Sent from the iText - General mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest 
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada $10 
million total in prizes - $4M cash, 500 devices, nearly $6M in marketing 
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev 
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Buy the iText book: http://www.itextpdf.com/book/ Check the site with examples 
before you ask questions: http://www.1t3xt.info/examples/ You can also search 
the keywords list: http://1t3xt.info/tutorials/keywords/

Disclaimer:

This message is destined exclusively to the intended receiver. It may contain 
confidential or legally protected information. The incorrect transmission of 
this message does not mean the loss of its confidentiality. If this message is 
received by mistake, please send it back to the sender and delete it from your 
system immediately. It is forbidden to any person who is not the intended 
receiver to use, distribute or copy any part of this message.



