Pkcs11X509Certificate cannot find the private key on some tokens.
Pkcs11X509Certificate.GetRSAPrivateKey() returns null. Then, when I run SignedXml.ComputeSignature(), I get the following error:
System.Security.Cryptography.CryptographicException:“未加载签名密钥。”
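Adding the following code (a proof of concept) to Pkcs11X509Certificate.FindKey works. Basically, I removed CKA.CKA_LABEL from the search template attributes and the certificate's private key was found.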
    // Contrary to what PKCS#11 specification suggests, subject of the private key is not readable even after login.
    // So if we cannot find private key with subject, we will search for private keys without subject.
    if (keyHandle == null)
    {
        searchTemplate = new List<IObjectAttribute>()
        {
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, keyClass),
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId),
            //session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, ckaLabel),
        };
        foreach (IObjectHandle foundObjectHandle in session.FindAllObjects(searchTemplate))
        {
            keyHandle = foundObjectHandle;
            break;
        }
    }
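
A lookup by CKA_ID alone relies on the ID being unique on the token, which PKCS#11 does not enforce. The sketch below is an added example, not code from the post or from Pkcs11Interop.X509Store: it runs the same label-free search but accepts a key only when its CKA_MODULUS equals the certificate's RSA modulus. The class and method names are hypothetical, and it assumes an RSA key whose CKA_MODULUS the token lets a logged-in session read.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Hypothetical helper for illustration; not part of the library.
public static class KeyLookupSketch
{
    // Searches private keys by CKA_ID only (no CKA_LABEL) and returns the first
    // one whose public modulus matches the certificate, or null if none does.
    public static IObjectHandle FindMatchingRsaPrivateKey(
        ISession session, byte[] ckaId, X509Certificate2 cert)
    {
        byte[] certModulus;
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            if (rsa == null) return null; // certificate does not carry an RSA key
            certModulus = TrimLeadingZeros(rsa.ExportParameters(false).Modulus);
        }

        var template = new List<IObjectAttribute>
        {
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
            session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId),
        };

        foreach (IObjectHandle handle in session.FindAllObjects(template))
        {
            List<IObjectAttribute> attrs =
                session.GetAttributeValue(handle, new List<CKA> { CKA.CKA_MODULUS });
            if (attrs[0].CannotBeRead) continue; // non-RSA key or attribute hidden by the token

            byte[] keyModulus = TrimLeadingZeros(attrs[0].GetValueAsByteArray());
            if (keyModulus.SequenceEqual(certModulus)) return handle;
        }
        return null; // no key with this CKA_ID belongs to the certificate
    }

    // Tokens may pad the big-endian modulus with leading zero bytes.
    private static byte[] TrimLeadingZeros(byte[] value) =>
        value.SkipWhile(b => b == 0).ToArray();
}
```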