Smart card certificate

#26054
Posted: 08/07/2013 14:01:59
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi,
I'm evaluating the XMLBlackbox library. I need to sign a message with the XAdES-BES protocol, and I was able to do this using a p12 certificate.
When I use a certificate with a non-exportable private key stored on a smart card, I obtain the error "RSA key data expected".
This is my code:
Code
            Dim Signer As New TElXMLSigner
            Dim XAdESSigner As TElXAdESSigner = Nothing
            Dim X509KeyData As TElXMLKeyInfoX509Data = Nothing
            Dim memStream As MemoryStream = Nothing
            Dim SigNode As TElXMLDOMNode
            Dim Ref As TElXMLReference = Nothing
            Dim Refs As TElXMLReferenceList
            Dim xmlDocument As TElXMLDOMDocument
            Dim winCertStorage As TElWinCertStorage = Nothing
            Try
                ...
                Signer.SignatureType = SBXMLSec.Unit.xstEnveloped
                Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanonComment_v1_1
                Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig
                Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256

                Signer.References = Refs

                winCertStorage = New TElWinCertStorage
                winCertStorage.StorageType = TSBStorageType.stSystem
                winCertStorage.AccessType = TSBStorageAccessType.atCurrentUser
                winCertStorage.ReadOnly = True
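                winCertStorage.SystemStores.BeginUpdate()
                winCertStorage.SystemStores.Add("MY")
                ' Close the update started by BeginUpdate so the store list is applied
                winCertStorage.SystemStores.EndUpdate()
                Dim signCert As TElX509Certificate = Nothing
                Dim i As Integer
                i = 0
                While i < winCertStorage.Count
                   ' Save the correct cert based on digest on signCert
                   i += 1 ' advance to the next certificate so the loop terminates
                End While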
                X509KeyData = New TElXMLKeyInfoX509Data(False)
                X509KeyData.Certificate = signCert
                ...
                Signer.KeyData = X509KeyData

                XAdESSigner = New TElXAdESSigner
                Signer.XAdESProcessor = XAdESSigner
                XAdESSigner.XAdESVersion = SBXMLAdES.Unit.XAdES_v1_3_2
                XAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_BES
                XAdESSigner.SigningTime = DateTime.Now.ToUniversalTime()
                XAdESSigner.Generate()
                ...
                Signer.UpdateReferencesDigest()
                Signer.GenerateSignature()
                ...
                Signer.Save(SigNode)
                ...
            Catch Ex As Exception
                ...
            Finally
                ...
            End Try


Can you help me?
#26055
Posted: 08/07/2013 14:07:27
by Eugene Mayevski (EldoS Corp.)

Thank you for the report. Did you test our sample projects? Do they expose the issue?

You can find the sample projects in <SecureBlackbox>\Samples\VB.NET\XMLBlackbox folder. It's better to start testing with TinySigner as it is simpler.


Sincerely yours
Eugene Mayevski
#26056
Posted: 08/07/2013 17:11:59
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi Eugene,
thanks for your reply.
I also have a problem with the SimpleSigner example: with the .NET 4.5 library it's OK, the Windows certificates all have the flag PrivateKeyExists=true, but with .NET 4.0 the same certificates all have PrivateKeyExists=false. I need to use .NET 4.0 for compatibility with Windows XP.

Silvia
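
A store-level check for the symptom described in this post, as an added example that is not part of the original thread and is not EldoS code: it uses only the .NET Framework's own X509Store classes (not SecureBlackbox) to list the CurrentUser "MY" store and report whether each certificate has a linked private key and whether that key sits on a hardware device. The module and function names are hypothetical, and the result is what .NET itself reports, which may differ from the library's PrivateKeyExists flag.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module StoreKeyCheck
    ' Describes where a certificate's private key lives, without signing anything.
    Function DescribeKey(ByVal cert As X509Certificate2) As String
        If Not cert.HasPrivateKey Then
            Return "no private key linked in the store"
        End If
        Try
            ' Reading PrivateKey opens the key container; a smart card CSP may ask for the PIN here.
            Dim rsa As RSACryptoServiceProvider = TryCast(cert.PrivateKey, RSACryptoServiceProvider)
            If rsa Is Nothing Then
                Return "private key present, but not an RSA CSP key"
            End If
            Dim info As CspKeyContainerInfo = rsa.CspKeyContainerInfo
            Return String.Format("provider='{0}', hardware={1}, removable={2}",
                                 info.ProviderName, info.HardwareDevice, info.Removable)
        Catch ex As CryptographicException
            ' The store links a key, but the provider could not open it (card absent, driver missing, ...).
            Return "private key linked but not usable: " & ex.Message
        End Try
    End Function

    Sub Main()
        ' Same store the post opens through TElWinCertStorage: current user, "MY".
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly)
        Try
            For Each cert As X509Certificate2 In store.Certificates
                Console.WriteLine("{0} [{1}]: {2}", cert.Subject, cert.Thumbprint, DescribeKey(cert))
            Next
        Finally
            store.Close()
        End Try
    End Sub
End Module
```

Building this once against each target framework and comparing the output shows whether the difference lies in the certificate store and key provider or in the project configuration.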
#26057
Posted: 08/07/2013 23:45:30
by Eugene Mayevski (EldoS Corp.)

Please check this FAQ article: https://www.eldos.com/security/articles/7899.php , maybe it's relevant to your case.

In general this sounds like some .NET bug which doesn't work as expected without a patch.


Sincerely yours
Eugene Mayevski
#26058
Posted: 08/08/2013 00:53:05
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

Hi Eugene,
you're right, it's a problem with the configuration of VS2012 on my PC; if I compile the projects and run them, everything works properly.
In my project I have references to the following DLLs:
- SecureBlackBox.dll
- SecureBlackBox.PGP.dll
- SecureBlackBox.XML.dll
- SecureBlackBox.XMLSecurity.dll
To sign XAdES-BES with a certificate contained in a smart card I only need these libraries? Are all of them contained in XMLBlackbox?
#26059
Posted: 08/08/2013 00:56:57
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
To sign XAdES-BES with a certificate contained in a smart card I only need these libraries? Are all of them contained in XMLBlackbox?

Hello.

SecureBlackBox.PGP.dll is a part of OpenPGPBlackbox, but you don't need it for your task, so XMLBlackbox is enough.
#26060
Posted: 08/08/2013 01:16:30
by Eugene Mayevski (EldoS Corp.)

Actually OpenPGPBlackbox is included with XMLBlackbox to allow proper linkage.

Also if you want to add timestamping (now or later), please check this article:
https://www.eldos.com/security/articles/6872.php


Sincerely yours
Eugene Mayevski
#26062
Posted: 08/08/2013 01:19:40
by Silvia Foglietta (Basic support level)
Joined: 08/07/2013
Posts: 4

If I remove SecureBlackBox.PGP.dll the project compiles properly, but at runtime I obtain the following error during signature:

Could not load file or assembly 'SecureBlackbox.PGP, Version=10.0.233.0, Culture=neutral, PublicKeyToken=5a62fa96d0ac431a' or one of its dependencies.
#26063
Posted: 08/08/2013 01:29:56
by Eugene Mayevski (EldoS Corp.)

Indeed PGP assembly is needed.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.