Hello Mathias,

On Tue, 2008-06-03 at 15:27 +0200, Mathias Tausig wrote:
> > On Tue, 2008-06-03 at 10:34 +0200, Mathias Tausig wrote:
> >> >> unless you know the details of the private
> >> >> key?
> >> >
> >> > Not sure if I understand your meaning. Windows tends to "hide" the
> >> > private keys (in its stores) from the users. However there's nothing
> >> > you can do with them unless you know their "details" (i.e. at least
> >> > how to access or use, not necessarily read, them).
> >> >
> >>
> >> What I mean is that it obviously only works with software keys but not
> >> with hardware tokens (which can be used via an overloaded
> >> AsymmetricAlgorithm class in SignedXml).
> >
> > What is the basis of this "obvious" assertion? The API is identical so
> > it should[1] work with either software or hardware[2] based crypto.
> > However your job may be a bit more complex if your hardware does not
> > provide the same level of functionality as the API requires.
>
> I've looked through some code samples and the MSDN articles on the Cms
> classes and that led me to the assumption that the code uses Windows-specific
> stuff (Windows certificate store, installed CSPs) to get hold of the
> private key, which makes it impossible for me to use it on non-Windows
> systems with a smartcard.

MSDN samples only have to work on Windows so they often jump to the
easiest solutions ;-) However it should be possible to make the Cms classes,
once completed, work under Mono / non-Windows OS.

note: since a lot of code is copied from MSDN samples it's likely they won't
work without modification - but that should not influence your own code.

> > [1] it's a bit more complex under the MS implementation since the [RSA|
> > DSA]CryptoServiceProvider are special cases that do not play well with
> > other, more general, classes. A possible solution is to supply a native
> > CSP and use the *CryptoServiceProvider to access it (but that won't work
> > on Mono).
>
> I guess that writing my own CSP is not really an option, especially since
> I want a portable program.

I would not advise it. It's quite complex since you have to supply a lot
of extra logic (90%) beside what you want to add (10%).

> > [2] some hardware, like smartcards, has limitations that do not fit
> > well with (most) cryptographic APIs. E.g. some will do the padding
> > themselves and that, in the .NET framework case, will require you to
> > provide your own [Def|F]ormatter classes.
> >
> > Sebastien
> >
> > p.s. you jumped from SignedCms to SignedXml ;-)
>
> On purpose. I just wanted to state that what I want worked for me for
> SignedXml (by deriving from RSA, and with your help, of course :-) ) but
> does not seem to work for PKCS#7 signatures, at least wast of windows ...

AFAIK it should work based on the design - but I could be wrong (it's
been known to happen ;-) and I did not try it myself...

Sebastien

_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
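As an added illustration of footnote [2] (example code, not from this thread or from Mono): a token that applies the PKCS#1 padding itself is wrapped as an RSA subclass, and a custom AsymmetricSignatureFormatter hands the bare hash to the token instead of padding it and calling DecryptValue. ISigningToken, TokenRsa and TokenSignatureFormatter are hypothetical names; plugging the formatter into SignedXml additionally needs a SignatureDescription naming it, registered under the signature method URI through CryptoConfig, which is not shown.

```csharp
using System;
using System.Security.Cryptography;
// Hypothetical token API (an assumption, not a real library): the card applies the
// PKCS#1 v1.5 DigestInfo padding itself and signs the bare hash with its own key.
public interface ISigningToken
{
    RSAParameters PublicKey { get; }
    int KeyBits { get; }
    byte[] SignHash(byte[] hash, string hashOid);
}

// Wraps the token as an RSA so SignedXml and formatter classes accept it as a key.
// The private key never leaves the card; only the public half can be exported.
public sealed class TokenRsa : RSA
{
    readonly ISigningToken token;
    public TokenRsa(ISigningToken t)
    {
        token = t;
        KeySizeValue = t.KeyBits;
        LegalKeySizesValue = new KeySizes[] { new KeySizes(t.KeyBits, t.KeyBits, 0) };
    }
    public ISigningToken Token { get { return token; } }
    public override string SignatureAlgorithm { get { return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; } }
    public override string KeyExchangeAlgorithm { get { return null; } }
    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        if (includePrivateParameters) throw new CryptographicException("private key stays on the token");
        return token.PublicKey;
    }
    public override void ImportParameters(RSAParameters p) { throw new NotSupportedException(); }
    public override byte[] EncryptValue(byte[] rgb) { throw new NotSupportedException(); }
    // RSAPKCS1SignatureFormatter pads the hash in software and then calls this raw private
    // operation on any RSA that is not a CryptoServiceProvider; a self-padding card cannot do it.
    public override byte[] DecryptValue(byte[] rgb) { throw new NotSupportedException("use TokenSignatureFormatter"); }
    protected override void Dispose(bool disposing) { }
}

// Replacement formatter: delivers the bare hash to the token, which pads and signs it.
public sealed class TokenSignatureFormatter : AsymmetricSignatureFormatter
{
    TokenRsa key; string hashOid;
    public override void SetKey(AsymmetricAlgorithm k) { key = (TokenRsa)k; }
    public override void SetHashAlgorithm(string name) { hashOid = CryptoConfig.MapNameToOID(name); }
    public override byte[] CreateSignature(byte[] hash)
    {
        if (key == null || hashOid == null) throw new CryptographicUnexpectedOperationException("key or hash algorithm not set");
        return key.Token.SignHash(hash, hashOid);
    }
}
```

Verification needs only the public half, so the standard RSAPKCS1SignatureDeformatter over a software RSA loaded with ExportParameters(false) can check signatures produced this way.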
