EldoS | Feel safer!

Smart card certificate
#26054
Posted: 08/07/2013 14:01:59
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi,
I'm evaluating the XMLBlackbox library. I need to sign a message with the XAdES-BES protocol, and I was able to do this using a p12 certificate.
When I use a certificate with a non-exportable private key stored on a smart card, I obtain the error "RSA key data expected".
This is my code:
Code
Dim Signer As New TElXMLSigner
Dim XAdESSigner As TElXAdESSigner = Nothing
Dim X509KeyData As TElXMLKeyInfoX509Data = Nothing
Dim memStream As MemoryStream = Nothing
Dim SigNode As TElXMLDOMNode
Dim Ref As TElXMLReference = Nothing
Dim Refs As TElXMLReferenceList
Dim xmlDocument As TElXMLDOMDocument
Dim winCertStorage As TElWinCertStorage = Nothing
Try
    ...
    ' Enveloped signature, RSA-SHA256, XML canonicalization 1.1 with comments
    Signer.SignatureType = SBXMLSec.Unit.xstEnveloped
    Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanonComment_v1_1
    Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig
    Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256

    Signer.References = Refs

    ' Open the current user's "MY" system store read-only
    winCertStorage = New TElWinCertStorage
    winCertStorage.StorageType = TSBStorageType.stSystem
    winCertStorage.AccessType = TSBStorageAccessType.atCurrentUser
    winCertStorage.ReadOnly = True
    winCertStorage.SystemStores.BeginUpdate()
    winCertStorage.SystemStores.Add("MY")
    winCertStorage.SystemStores.EndUpdate()   ' close the update so the store list is actually loaded
    Dim signCert As TElX509Certificate = Nothing
    Dim i As Integer
    i = 0
    While i < winCertStorage.Count
        ' Save the correct cert based on digest on signCert
        i += 1   ' advance the index, otherwise the loop never terminates
    End While
    X509KeyData = New TElXMLKeyInfoX509Data(False)
    X509KeyData.Certificate = signCert
    ...
    Signer.KeyData = X509KeyData

    ' XAdES-BES, version 1.3.2, signing time in UTC
    XAdESSigner = New TElXAdESSigner
    Signer.XAdESProcessor = XAdESSigner
    XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2
    XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_BES
    XAdESSigner.SigningTime = DateTime.Now.ToUniversalTime()
    XAdESSigner.Generate()
    ...
    Signer.UpdateReferencesDigest()
    Signer.GenerateSignature()
    ...
    Signer.Save(SigNode)
    ...
Catch Ex As Exception
    ...
Finally
    ...
End Try


Can you help me?
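An added example, not the poster's code and not from the EldoS samples, of the certificate-selection step the loop above leaves as a comment: it opens the "MY" store, picks a certificate by subject CN and checks PrivateKeyExists before handing it to TElXMLSigner, so a missing key fails with a clear message rather than inside GenerateSignature. The Imports, the Certificates(i) indexer and SubjectName.CommonName are assumed names to verify against the SecureBlackbox reference for your version; the caller owns the storage and must keep it alive while the certificate is in use.

```vbnet
' Added example (assumed namespace names, check them against your SecureBlackbox version)
Imports SBX509
Imports SBCustomCertStorage
Imports SBWinCertStorage
Imports SBXMLSec

Module SmartCardCertSelection

    ' Opens the current user's "MY" system store read-only. The caller owns the
    ' storage: certificates returned from it are only valid while it is alive.
    Public Function OpenMyStore() As TElWinCertStorage
        Dim storage As New TElWinCertStorage
        storage.StorageType = TSBStorageType.stSystem
        storage.AccessType = TSBStorageAccessType.atCurrentUser
        storage.ReadOnly = True
        storage.SystemStores.BeginUpdate()
        storage.SystemStores.Add("MY")
        storage.SystemStores.EndUpdate()   ' the store is read once the update is closed
        Return storage
    End Function

    ' Returns the first certificate whose subject CN matches, that is still valid
    ' and that has a private key the CSP can use; Nothing if none qualifies.
    ' Certificates(i) and SubjectName.CommonName are assumed property names.
    Public Function SelectSigningCert(ByVal storage As TElWinCertStorage, ByVal commonName As String) As TElX509Certificate
        For i As Integer = 0 To storage.Count - 1
            Dim cert As TElX509Certificate = storage.Certificates(i)
            If String.Equals(cert.SubjectName.CommonName, commonName, StringComparison.OrdinalIgnoreCase) _
               AndAlso cert.ValidTo > DateTime.Now _
               AndAlso cert.PrivateKeyExists Then
                ' A smart-card key is not exportable, but PrivateKeyExists is still
                ' True when the CSP is reachable; the card performs the RSA operation.
                Return cert
            End If
        Next
        Return Nothing
    End Function

    ' Wires the certificate into the signer, failing early if no usable key was found.
    Public Sub AttachSigningKey(ByVal signer As TElXMLSigner, ByVal storage As TElWinCertStorage, ByVal commonName As String)
        Dim cert As TElX509Certificate = SelectSigningCert(storage, commonName)
        If cert Is Nothing Then
            Throw New InvalidOperationException("No valid certificate with a private key found for CN=" & commonName)
        End If
        Dim keyData As New TElXMLKeyInfoX509Data(False)
        keyData.Certificate = cert
        signer.KeyData = keyData
    End Sub

End Module
```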
#26055
Posted: 08/07/2013 14:07:27
by Eugene Mayevski (EldoS Corp.)

Thank you for the report. Did you test our sample projects? Do they expose the issue?

You can find the sample projects in <SecureBlackbox>\Samples\VB.NET\XMLBlackbox folder. It's better to start testing with TinySigner as it is simpler.


Sincerely yours
Eugene Mayevski
#26056
Posted: 08/07/2013 17:11:59
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi Eugene,
thanks for your reply.
I also have a problem with the SimpleSigner example: with the .NET 4.5 library it's OK, the Windows certs all have the flag PrivateKeyExists=true, but with .NET 4.0 the same certs all have PrivateKeyExists=false. I need to use .NET 4.0 for compatibility with Windows XP.

Silvia
#26057
Posted: 08/07/2013 23:45:30
by Eugene Mayevski (EldoS Corp.)

Please check this FAQ article: https://www.eldos.com/security/articles/7899.php , maybe it's relevant to your case.

In general this sounds like some .NET bug which doesn't work as expected without a patch.


Sincerely yours
Eugene Mayevski
#26058
Posted: 08/08/2013 00:53:05
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi Eugene,
you're right, it's a problem with the configuration of VS2012 on my PC. If I compile the projects and run them, everything works properly.
In my project I have reference to the following DLLs:
- SecureBlackBox.dll
- SecureBlackBox.PGP.dll
- SecureBlackBox.XML.dll
- SecureBlackBox.XMLSecurity.dll
Do I only need these libraries to sign XAdES-BES with a certificate contained in a smart card? Are all of them contained in XMLBlackbox?
#26059
Posted: 08/08/2013 00:56:57
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
Do I only need these libraries to sign XAdES-BES with a certificate contained in a smart card? Are all of them contained in XMLBlackbox?

Hello.

SecureBlackBox.PGP.dll is a part of OpenPGPBlackbox, but you don't need it for your task, so XMLBlackbox is enough.
#26060
Posted: 08/08/2013 01:16:30
by Eugene Mayevski (EldoS Corp.)

Actually OpenPGPBlackbox is included with XMLBlackbox to allow proper linkage.

Also if you want to add timestamping (now or later), please check this article:
https://www.eldos.com/security/articles/6872.php


Sincerely yours
Eugene Mayevski
#26062
Posted: 08/08/2013 01:19:40
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

If I remove SecureBlackBox.PGP.dll the project compiles properly, but at runtime I obtain the following error during signature:

Could not load file or assembly 'SecureBlackbox.PGP, Version=10.0.233.0, Culture=neutral, PublicKeyToken=5a62fa96d0ac431a' or one of its dependencies.
#26063
Posted: 08/08/2013 01:29:56
by Eugene Mayevski (EldoS Corp.)

Indeed, the PGP assembly is needed.


Sincerely yours
Eugene Mayevski