Re: Signing hash
- From: Eric Boudrand <ebo2002fr@xxxxxxxx>
- Date: Thu, 15 May 2008 14:45:02 +0200
Hello Laszlo,
Thank you for your help.
I am getting the private key with CryptGetUserKey(). I have an NTE_NO_KEY error while calling CryptCreateHash(m_hCryptProvider, CALG_RSA_KEYX, m_hCryptKey, NULL, &m_hCryptHash).
If I do a CryptGetKeyParam() on m_hCryptKey with KP_ALGID, I retrieve CALG_RSA_KEYX.
The call to CryptCreateHash(m_hCryptProvider, CALG_SHA1, NULL, NULL, &m_hCryptHash) is successful, but useless.
I got m_hCryptProvider with CryptAcquireContext(&m_hCryptProvider, m_szContainerName, m_szCSPName, PROV_RSA_FULL, CRYPT_SILENT)
m_szContainerName = "\\.\smartcard_reader\"
m_szCSPName = "Microsoft Base Smart Card Crypto Provider"
CertGetCertificateContextProperty(dwPropId = CERT_KEY_PROV_HANDLE_PROP_ID) failed with error CRYPT_E_NOT_FOUND.
I do not understand the underlying philosophy of CSP. The most important concept seems to be the key container. Am I right? Should I do a CryptAcquireContext() to a specific key container with my certificate key pair?
Regards.
Eric Boudrand
lelteto wrote:
How did you get to the private key? You would first get the certificate context you are interested in, then get to its private key with CertGetCertificateContextProperty (dwPropId = CERT_KEY_PROV_HANDLE_PROP_ID), which returns the HCRYPTPROV handle of the smart card with the proper private key. From this point your steps are correct: hash your message, then sign it. Two notes:
(1) You need to know if the private key on the card is sign-only (in which case you have to use AT_SIGNATURE) or sign AND encrypt (in which case use AT_KEYEXCHANGE in CryptSignHash).
(2) You have to consult your smart card provider's CSP to know whether they support OIDs in signature or not - and if yes, what OIDs they support. See the dwFlags parameter.
Laszlo Elteto
SafeNet, Inc.
"Eric Boudrand" wrote:
Hello,
I am using Microsoft Base Smart Card Crypto Provider and I would like to hash and sign data with the private key of a certificate stored on a smart card compatible with this provider.
I tried CryptCreateHash(), CryptHashData(), CryptSignHash(), but it did not work. Is this the good approach? Thank you for any advice.
Regards.
Eric
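Added example, not part of the thread and not the CSP's own code: note (2) above is about whether the hash OID is placed in the signature, and this portable C function builds the PKCS #1 v1.5 block for a SHA-1 hash both ways so the difference a verifier sees is concrete. The function name and sample digest are constructed for illustration; CRYPT_NOHASHOID is the CryptSignHash dwFlags value that leaves the OID out.

```c
#include <stddef.h>
#include <string.h>

#define SHA1_LEN 20

/* DER DigestInfo header for SHA-1 (PKCS #1 v1.5); the 20-byte digest follows it. */
static const unsigned char SHA1_DIGESTINFO_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* Constructed sample input: SHA-1("abc"). */
static const unsigned char SAMPLE_DIGEST[SHA1_LEN] = {
    0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
    0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d
};

/*
 * Hypothetical helper: build the block the RSA private-key operation is
 * applied to, in big-endian PKCS #1 order:  00 01 FF..FF 00 || T
 *   with_oid != 0: T = DigestInfo header (SHA-1 OID) || digest  (default)
 *   with_oid == 0: T = digest only  (what CRYPT_NOHASHOID asks for)
 * em_len is the RSA modulus length in bytes. Returns 0 on success, -1 on error.
 */
int build_signature_block(const unsigned char digest[SHA1_LEN], int with_oid,
                          unsigned char *em, size_t em_len)
{
    size_t prefix_len = with_oid ? sizeof SHA1_DIGESTINFO_PREFIX : 0;
    size_t t_len = prefix_len + SHA1_LEN;
    size_t pad_len;

    if (digest == NULL || em == NULL)
        return -1;
    if (em_len < t_len + 11)          /* PKCS #1 needs >= 8 bytes of 0xFF */
        return -1;

    pad_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, pad_len);
    em[2 + pad_len] = 0x00;
    if (with_oid)
        memcpy(em + 3 + pad_len, SHA1_DIGESTINFO_PREFIX, prefix_len);
    memcpy(em + 3 + pad_len + prefix_len, digest, SHA1_LEN);
    return 0;
}
```

A verifier that expects the DigestInfo form rejects a signature produced without the OID, so the signer and the verifier have to agree on that flag.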