我读了这篇文章how can sign a file with BouncyCastle dll in c# ,我想知道是否有可能找到对存储在智能卡中的证书的支持。
我想做的是创建 P7M cades,但似乎不可能找到任何文档、.NET 类或免费库。
我读了这篇文章how can sign a file with BouncyCastle dll in c# ,我想知道是否有可能找到对存储在智能卡中的证书的支持。
我想做的是创建 P7M cades,但似乎不可能找到任何文档、.NET 类或免费库。
我将 DSS.NET 与以下代码一起使用:
using System.Security.Cryptography.X509Certificates;
using EU.Europa.EC.Markt.Dss;
using EU.Europa.EC.Markt.Dss.Signature;
using EU.Europa.EC.Markt.Dss.Signature.Cades;
using EU.Europa.EC.Markt.Dss.Signature.Token;
private static void SignP7M(X509Certificate2 card, string sourcepath)
{
var service = new CAdESService();
// Creation of MS CAPI signature token
var token = new MSCAPISignatureToken { Cert = card };
var parameters = new SignatureParameters
{
SignatureAlgorithm = SignatureAlgorithm.RSA,
SignatureFormat = SignatureFormat.CAdES_BES,
DigestAlgorithm = DigestAlgorithm.SHA256,
SignaturePackaging = SignaturePackaging.ENVELOPING,
SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
SigningDate = DateTime.UtcNow
};
var toBeSigned = new FileDocument(sourcepath);
var iStream = service.ToBeSigned(toBeSigned, parameters);
var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);
var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);
var dest = sourcepath + ".p7m";
if (File.Exists(dest)) File.Delete(dest);
var fout = File.OpenWrite(dest);
signedDocument.OpenStream().CopyTo(fout);
fout.Close();
}
您可以通过两种方式获得该卡:
这里的样本:
public static X509Certificate2 GetCertificate(string _certSn)
{
//selezione del token di firma
var st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
st.Open(OpenFlags.ReadOnly);
var col = st.Certificates;
var card = col.Cast<X509Certificate2>().FirstOrDefault(t => t.SerialNumber == _certSn);
st.Close();
return card;
}
public static X509Certificate2 selectCert(StoreName store, StoreLocation location, string windowTitle, string windowMsg)
{
X509Certificate2 certSelected = null;
X509Store x509Store = new X509Store(store, location);
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = x509Store.Certificates;
X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, windowTitle, windowMsg, X509SelectionFlag.SingleSelection);
if (sel.Count > 0)
{
X509Certificate2Enumerator en = sel.GetEnumerator();
en.MoveNext();
certSelected = en.Current;
}
x509Store.Close();
return certSelected;
}
如果智能卡映射到 Windows 证书存储,那么您可以使用通过 CryptoAPI 提供的证书。如果智能卡可通过 PKCS#11 获得,您可以使用我们的 SecureBlackbox 产品的PKIBlackbox包来使用它。PKIBlackbox 还支持 CAdES 格式,而不仅仅是 PKCS#7/CMS。