Provider's public key is invalid
Del Brocco Andrea
I'm using visual studio 2008
public static byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert,
bool detached)
{
// Place message in a ContentInfo object.
// This is required to build a SignedCms object.
ContentInfo contentInfo = new ContentInfo(msg);
// Instantiate SignedCms object with the ContentInfo
above.
// Has default SubjectIdentifierType
IssuerAndSerialNumber.
SignedCms signedCms = new SignedCms(contentInfo,
detached);
// Formulate a CmsSigner object for the signer.
CmsSigner cmsSigner = new CmsSigner(signerCert);
// Include the following line if the top certificate in
the
// smartcard is not in the trusted list.
cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;
// Sign the CMS/PKCS #7 message. The second argument is
// needed to ask for the pin.
signedCms.ComputeSignature(cmsSigner, false);
// Encode the CMS/PKCS #7 message.
return signedCms.Encode();
}
I have installed the certificate in the storage, when i encrypt it ask
the pin and sign succesfully.
In windows 2003 with the same smart card and different readers i'm be
able succesfully to sign a file and produce a pm7 sucessfully, or sign
a PDF.
The same code with same card throw "Provider's public key is invalid"
exception in vista, i've tryed 3 different pc with vista and different
smart card, with 2003 works fine in vista no.
I'm trying to investigate ACL in certificate store but unsuccesfully.
TIA
Andrea Del Brocco
Mounir IDRASSI
Can you tell us which part of the code is throwing the exception?
Also, are using a regular CSP to access the card under vista or is it done
using a card module (through the Microsoft Base Smart Card Crypto Provider)?
How do you populate the certificate store with the smart card's
certificates? you have to check if the information put on the store are
correct. To help you do that, you can use a small .NET utility program I
developed to show the detailed content of the certificate stores. You can get
it from here :
http://www.idrix.fr/Root/Samples/StoreExplorer.zip
and its screenshot : http://www.idrix.fr/Root/Samples/StoreExplorer.jpg
I think with all these clarifications, we can find easily where the problem
is coming from.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
Del Brocco Andrea
> Hi Andrea,
>
> Can you tell us which part of the code is throwing the exception?
> Also, are using a regular CSP to access the card under vista or is it done
> using a card module (through the Microsoft Base Smart Card Crypto Provider)?
> How do you populate the certificate store with the smart card's
> certificates? you have to check if the information put on the store are
> correct. To help you do that, you can use a small .NET utility program I
> developed to show the detailed content of the certificate stores. You can get
> it from here :
>
> http://www.idrix.fr/Root/Samples/StoreExplorer.zip
>
> and its screenshot :http://www.idrix.fr/Root/Samples/StoreExplorer.jpg
>
> I think with all these clarifications, we can find easily where the problem
> is coming from.
>
> Cheers,
> --
> Mounir IDRASSI
>
> - Mostra testo citato -
Thanks i send you an email with all infos
Mounir IDRASSI
I think I found the origin of the problem. The error is certainly coming
from an internal check done by Crypto API on the public key contained in the
certificate. In your case, and for some reason, this public key is different
from the one returned by the CSP using CryptExportKey with PUBLICKEYBLOB.
Maybe you are using static container names and the certificate contexts on
the MY store didn't get updated so you have "old" ones pointing to new
containers that use the same names as there predecessors.
How do you populate the MY certificate store? Did you check cleaning the
certificate store, removing the card and then inserting it back? The ideal is
to have a tool that exports the public key from the certificate context and
from the CSP container and then compares them.
What do you think of that?
Cheers,
--
Mounir IDRASSI
IDRIX
To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
"Del Brocco Andrea" wrote:
> On 4 Ago, 12:35, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> > Hi Andrea,
> >
> > Can you tell us which part of the code is throwing the exception?
> > Also, are using a regular CSP to access the card under vista or is it done
> > using a card module (through the Microsoft Base Smart Card Crypto Provider)?
> > How do you populate the certificate store with the smart card's
> > certificates? you have to check if the information put on the store are
> > correct. To help you do that, you can use a small .NET utility program I
> > developed to show the detailed content of the certificate stores. You can get
> > it from here :
> >
> > http://www.idrix.fr/Root/Samples/StoreExplorer.zip
> >
> > and its screenshot :http://www.idrix.fr/Root/Samples/StoreExplorer.jpg
> >
> > I think with all these clarifications, we can find easily where the problem
> > is coming from.
> >
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIXhttp://www.idrix.fr
> >
> > To reach me: mounir_idrix_fr (replace the underscores with the at and dot
> > characters respectively)
> >
>
Del Brocco Andrea
The problem is that i have tried with 3 diferent machines on vista
different flavours (hoe pro, business and enterprise) all with the
same problem, i use also two different cards, in 2003 installation all
goes well.
maybe the CSP implementation ??
On 8 Ago, 02:49, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi Andrea,
>
> I think I found the origin of the problem. The error is certainly coming
> from an internal check done by Crypto API on thepublickeycontained in the
> certificate. In your case, and for some reason, thispublickeyis different
> from the one returned by the CSP using CryptExportKey with PUBLICKEYBLOB.
> Maybe you are using static container names and the certificate contexts on
> the MY store didn't get updated so you have "old" ones pointing to new
> containers that use the same names as there predecessors.
> How do you populate the MY certificate store? Did you check cleaning the
> certificate store, removing the card and then inserting it back? The ideal is
> to have a tool that exports thepublickeyfrom the certificate context and
> from the CSP container and then compares them.
> What do you think of that?
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIXhttp://www.idrix.fr
>
> To reach me: mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "Del Brocco Andrea" wrote:
> > On 4 Ago, 12:35, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> > > Hi Andrea,
>
> > > Can you tell us which part of the code is throwing the exception?
> > > Also, are using a regular CSP to access the card under vista or is it done
> > > using a card module (through the Microsoft Base Smart Card CryptoProvider)?
> > > How do you populate the certificate store with the smart card's
> > > certificates? you have to check if the information put on the store are
> > > correct. To help you do that, you can use a small .NET utility program I
> > > developed to show the detailed content of the certificate stores. You can get
> > > it from here :
>
> > >http://www.idrix.fr/Root/Samples/StoreExplorer.zip
>
> > > and its screenshot :http://www.idrix.fr/Root/Samples/StoreExplorer.jpg
>
> > > I think with all these clarifications, we can find easily where the problem
> > > is coming from.
>
> > > Cheers,
> > > --
> > > Mounir IDRASSI
> > > IDRIXhttp://www.idrix.fr
>
> > > To reach me: mounir_idrix_fr (replace the underscores with the at and dot
> > > characters respectively)
>
> > Thanks i send you an email with all infos- Nascondi testo citato