
Pkcs11X509Certificate cannot find the private key on some tokens.

Pkcs11X509Certificate.GetRSAPrivateKey() returns null. Then, when I run SignedXml.ComputeSignature(), I get the following error:

System.Security.Cryptography.CryptographicException:“未加载签名密钥。”


1 Answer


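Adding the following code (a proof of concept) to Pkcs11X509Certificate.FindKey works. Basically, I removed CKA.CKA_LABEL from the search template attributes, and the certificate's private key was found.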

// Contrary to what PKCS#11 specification suggests, subject of the private key is not readable even after login.
// So if we cannot find private key with subject, we will search for private keys without subject. 
if (keyHandle == null)
{
    searchTemplate = new List<IObjectAttribute>()
    {
        session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, keyClass),
        session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
        session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId),
        //session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, ckaLabel),
    };

    foreach (IObjectHandle foundObjectHandle in session.FindAllObjects(searchTemplate))
    {
        keyHandle = foundObjectHandle;
        break;
    }
}
Answered 2021-11-19T05:14:06.660
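The matching behaviour described in the answer above, as an added example that is not part of the original answer and is not Pkcs11Interop code. It models PKCS#11 template matching in memory over constructed token objects, and goes one step beyond the answer by refusing an ID-only fallback that matches more than one key. `TokenObject` and `KeyLookup` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed token contents: the certificate and its private key share CKA_ID,
// but the token stores the key under a different CKA_LABEL.
var id = new byte[] { 0x01 };
var token = new List<TokenObject>
{
    new("CKO_CERTIFICATE", id, "Signing certificate"),
    new("CKO_PRIVATE_KEY", id, "key-01"),
    new("CKO_PRIVATE_KEY", new byte[] { 0x02 }, "Signing certificate"),
};

// Template built from the certificate's attributes (class + ID + label): number of matches.
Console.WriteLine(KeyLookup.Find(token, "CKO_PRIVATE_KEY", id, "Signing certificate").Count);
// Strict search with ID-only fallback: label of the key that was selected.
Console.WriteLine(KeyLookup.FindPrivateKey(token, id, "Signing certificate")?.Label);

// Hypothetical stand-in for a token object with the three attributes used in the search.
record TokenObject(string Class, byte[] Id, string Label);

static class KeyLookup
{
    // Models a find-objects call: an object matches only if every attribute
    // present in the template is equal. A null label means CKA_LABEL is omitted.
    public static List<TokenObject> Find(IEnumerable<TokenObject> objects,
                                         string cls, byte[] id, string? label = null) =>
        objects.Where(o => o.Class == cls
                        && o.Id.SequenceEqual(id)
                        && (label == null || o.Label == label))
               .ToList();

    // Strict template first, then the template without CKA_LABEL.
    // More than one match is treated as an error instead of taking the first handle.
    public static TokenObject? FindPrivateKey(IEnumerable<TokenObject> objects,
                                              byte[] id, string label)
    {
        var hits = Find(objects, "CKO_PRIVATE_KEY", id, label);
        if (hits.Count == 0)
            hits = Find(objects, "CKO_PRIVATE_KEY", id);
        if (hits.Count > 1)
            throw new InvalidOperationException(
                "Several private keys match the certificate; refusing to pick one.");
        return hits.Count == 1 ? hits[0] : null;
    }
}
```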