Error Certificate with label "PriKey" and id "" was not found
katika.pa...@stream.co.th
I have some problem with example code from here
https://www.pkcs11interop.net/extensions/pdf/_pkcs11_rsa_signature_example_8cs-example.html
I need to sign a pdf document with certificate inside the HSM.
And here are steps what I've done.
1) Create KeyPair and the CKA_Label are PubKey and Prikey
2) Generate CSR and send to CA for signing
3) Import Signed Cert into HSM (CKA_LABEL is ClientCert)
And use this following code to sign the pdf document.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.X509;
using iTextSharp.text;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;
using System.IO;
using Net.Pkcs11Interop.PDF;
namespace DocumentSigning
{
public class Program
{
public static void SignPdfDocument()
{
//Specify path to the unsigned PDF that will be created by this code
string unsignedPdfPath = @"D:\Hello.pdf";
//Specify path to the signed PDF that will be created by this code
string signedPdfPath = @"D:\Hello_signed.pdf";
//Create simple PDF document with iTextSharp
using (Document document = new Document(PageSize.A4, 50, 50, 50, 50))
{
using (FileStream outputStream = new FileStream(unsignedPdfPath, FileMode.Create))
{
using (PdfWriter pdfWriter = PdfWriter.GetInstance(document, outputStream))
{
document.Open();
document.Add(new Paragraph("Hello World!"));
document.Close();
}
}
}
//Do something interesting with unsigned PDF document
FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);
//Assert.IsTrue(unsignedPdfInfo.Length > 0);
//Specify path to the unmanaged PKCS#11 library
string libraryPath = @"cryptoki.dll";
//specify serial number of the token that contains signing key. May be null if tokenLabel is specified.
string tokenSerial = null;
//Specify label of the token that contains signing key. May be null if tokenSerial is specified.
string tokenLabel = @"Example";
//Specify PIN for the token
string pin = @"1111";
//Specify label (value of CKA_LABEL attribute) of the private key used for signing. May be null if CKA_ID is specified.
string ckalabel = @"PriKey";
//Specify hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if CKA_LABEL is specified.
string ckaId = null;
//Specify hash algorithm used for the signature creation.
HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;
//Create instance of Pkcs11Signature class that allows iText to create PKCS#1v1.5 RSA signature with the private key stored on PKCS#11 compatible device.
using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckalabel, ckaId, hashAlgorithm))
{
//When signing certificate is stored on the token it can be usually read with GetSigningCertificate() method
/////////////////////THE ERROR OCCURED HERE///////////////////////////
byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
//////////////////////////////////////////////////////////////////////
//All certificates stored on the token can be usually read with GetAllCertificates() method
List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
//Build certificate path for the signing certificate.
ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
//Read unsigned PDF document
using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
{
//Create output stream for signed PDF document.
using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
{
//Create PdfStamper that applies extra content to the PDF document.
using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
{
//Sign PDF document
MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
}
}
}
}
}
public static void Main(string[] args)
{
SignPdfDocument();
Console.ReadKey();
}
}
}
Jaroslav Imrich
--
You received this message because you are subscribed to the Google Groups "Pkcs11Interop" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pkcs11interop+unsubscribe@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.
katika.pa...@stream.co.th
> To post to this group, send email to pkcs11...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/pkcs11interop.
Thanks for your info.
May I ask another question.
Why the error "Provided certificates do not contain self-signed root certificate" occurred on this line of code
Collection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
Jaroslav Imrich
Why the error "Provided certificates do not contain self-signed root certificate" occurred on this line of code
Collection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);