1

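I read the article "how can sign a file with BouncyCastle dll in c#", and I would like to know whether it is possible to find support for certificates stored in a smart card.

What I want to do is create a P7M CAdES, but it seems impossible to find any documentation, .NET class or free library.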

4

3 Answers

4

You can also try this C# port of a European Commission initiative:

DSS .NET

It supports CAdES. Try using MSCAPISignatureToken and the guidelines in the CookBook

CookBook

answered 2014-06-09T05:25:25.843
2

I used DSS.NET with the following code:

using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using EU.Europa.EC.Markt.Dss;
using EU.Europa.EC.Markt.Dss.Signature;
using EU.Europa.EC.Markt.Dss.Signature.Cades;
using EU.Europa.EC.Markt.Dss.Signature.Token;

    private static void SignP7M(X509Certificate2 card, string sourcepath)
    {
        var service = new CAdESService();

        // Creation of MS CAPI signature token; the private key stays on the card
        var token = new MSCAPISignatureToken { Cert = card };

        var parameters = new SignatureParameters
        {
            SignatureAlgorithm = SignatureAlgorithm.RSA,
            SignatureFormat = SignatureFormat.CAdES_BES,
            DigestAlgorithm = DigestAlgorithm.SHA256,
            SignaturePackaging = SignaturePackaging.ENVELOPING,
            SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
            SigningDate = DateTime.UtcNow
        };

        var toBeSigned = new FileDocument(sourcepath);

        // Build the data to be signed (signed attributes included)
        var iStream = service.ToBeSigned(toBeSigned, parameters);

        // The signature itself is computed through the token
        var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);

        var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);

        // Write the enveloping signature next to the source file
        var dest = sourcepath + ".p7m";
        if (File.Exists(dest)) File.Delete(dest);
        using (var fout = File.OpenWrite(dest))
        {
            signedDocument.OpenStream().CopyTo(fout);
        }
    }

You can obtain the card in two ways:

  • From the certificate store
  • From the certificate serial number

Sample here:

using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;   // X509Certificate2UI needs a reference to System.Security

public static X509Certificate2 GetCertificate(string _certSn)
{
    // Select the signing token
    var st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    st.Open(OpenFlags.ReadOnly);
    var col = st.Certificates;

    // SerialNumber is a hex string, so compare it case-insensitively
    var card = col.Cast<X509Certificate2>()
                  .FirstOrDefault(t => string.Equals(t.SerialNumber, _certSn, StringComparison.OrdinalIgnoreCase));

    st.Close();

    // null when no certificate with that serial number is in the store
    return card;
}


public static X509Certificate2 selectCert(StoreName store, StoreLocation location, string windowTitle, string windowMsg)
{
    X509Certificate2 certSelected = null;
    X509Store x509Store = new X509Store(store, location);
    x509Store.Open(OpenFlags.ReadOnly);

    // Show the standard Windows certificate picker and let the user choose one
    X509Certificate2Collection col = x509Store.Certificates;
    X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, windowTitle, windowMsg, X509SelectionFlag.SingleSelection);

    if (sel.Count > 0)
    {
        X509Certificate2Enumerator en = sel.GetEnumerator();
        en.MoveNext();
        certSelected = en.Current;
    }

    x509Store.Close();

    // null when the user cancels the dialog
    return certSelected;
}
answered 2015-08-21T09:40:09.387
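A way to check the `.p7m` file written by the `SignP7M` answer above, as an added example that is not part of the original answers and is not DSS.NET code: it uses the .NET `SignedCms` class to verify the signature and to confirm that each signer carries the ESS signing-certificate attribute that separates CAdES-BES from plain CMS. The class name `P7mCheck` is hypothetical, and the SHA-256 requirement is an assumption taken from the `DigestAlgorithm.SHA256` setting in that answer.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;   // System.Security assembly or the System.Security.Cryptography.Pkcs package

public static class P7mCheck   // hypothetical helper name
{
    // ESS signing-certificate signed attributes (v1 is SHA-1 only, v2 allows other digests)
    const string SigningCertV1 = "1.2.840.113549.1.9.16.2.12";
    const string SigningCertV2 = "1.2.840.113549.1.9.16.2.47";
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Returns the enveloped content when the file verifies and every signer
    // has the CAdES-BES attribute; throws CryptographicException otherwise.
    public static byte[] VerifyAndExtract(string p7mPath)
    {
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(p7mPath));   // expects DER bytes, not Base64/PEM text

        if (cms.SignerInfos.Count == 0 || cms.ContentInfo.Content.Length == 0)
            throw new CryptographicException("Not an enveloping signature with content and a signer.");

        // true = verify the signature values only; certificate chain and
        // revocation checks are a separate trust decision for the caller.
        cms.CheckSignature(true);

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            var oids = signer.SignedAttributes
                             .Cast<CryptographicAttributeObject>()
                             .Select(a => a.Oid.Value)
                             .ToList();

            // Without this attribute the signature does not bind the signer's certificate
            if (!oids.Contains(SigningCertV1) && !oids.Contains(SigningCertV2))
                throw new CryptographicException("Plain CMS: signing-certificate attribute is missing.");

            if (signer.DigestAlgorithm.Value != Sha256Oid)
                throw new CryptographicException("Unexpected digest algorithm: " + signer.DigestAlgorithm.Value);
        }

        return cms.ContentInfo.Content;
    }
}
```

Passing `false` to `CheckSignature` also validates the signer's certificate chain against the machine's trust stores, which is what a relying party would normally want before accepting the document.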
-1

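If the smart card is mapped to the Windows certificate store, then you can use the certificates made available through CryptoAPI. If the smart card is available via PKCS#11, you can use the PKIBlackbox package of our SecureBlackbox product to work with it. PKIBlackbox also supports the CAdES format, not just PKCS#7/CMS.

answered 2013-07-17T17:09:59.730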