Sign data using smart card's private key with ASP.NET, Windows Authentication, and Impersonation

既然无缘 2021-01-07 03:36

I want to know if it is possible to sign data using a smart card's private key without resorting to a java applet or activex control.

I am tant

3 Answers
  • 2021-01-07 03:51

    The reason you are getting access denied is because you are trying to access the private key and have not passed the PIN to the card. (I believe)

    Private key functions require the PIN. Also, you need to acquire the card context using winscard.dll.

    You can check this out.

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa379886(v=vs.85).aspx

    You also need to use the Smart Card CSP. Windows has a native one in 7 and above called the smart card mini driver.

    I am attempting the same thing ... If I get further I will post back a sample...

  • 2021-01-07 03:55

    It is not possible to use the user's private key on the Server. This would effectively nullify the benefits of using a Smart Card. In fact, security operations will be performed ON the Smart Card.

    Strategy for Supporting Smart Cards

    Microsoft views smart cards as a key component of its Public Key Infrastructure (PKI) support. Smart cards enhance software-only solutions, such as client authentication, interactive logon, and secure e-mail. Smart cards are a point of convergence for public-key certificates and associated keys because they:

    • Provide tamper-resistant storage for protecting private keys and other forms of personal information.
    • Isolate security-critical computations involving authentication, digital signatures, and key exchanges from other parts of the system.
    • Enable portability of credentials and other private information between computers at work, at home, or for mobile users.

    Source: Smart Card Concepts

    As you can see, one key aspect is to isolate security-critical operations from the rest of the system. The only way to perform encryption with the user's private key is to use the Smart Card reader (the hardware itself). Since there's no way to access the client's hardware from a server-side ASP.NET webpage, what you are trying to do isn't possible.

    The only way to achieve this is to use a client side component.

  • 2021-01-07 03:55

    You could try this first:

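    using System.Security.Cryptography.X509Certificates;
    // Assumption: the current user's personal ("My") store; the original snippet does not show how store is created.
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);                 // read-only access is enough to pick a certificate
    X509Certificate2 cert = store.Certificates[0];  // first certificate in the store
    store.Close();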
    
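The split the answers describe (signing happens on the client where the card is, the server only verifies) can be sketched as a challenge-response; this is an added example, not code from any of the answers. The class and method names are hypothetical, and a throwaway software key with a self-signed certificate stands in for the smart card so the sketch runs without a reader.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SmartCardSigningSketch   // hypothetical name, for illustration only
{
    // Server side (e.g. ASP.NET): issue a fresh random challenge per request.
    public static byte[] NewChallenge()
    {
        var nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        return nonce;
    }

    // Client side only: must run on the machine that has the card reader.
    // With a card-backed certificate the CSP asks for the PIN and the card computes the signature.
    public static byte[] SignOnClient(X509Certificate2 userCert, byte[] challenge)
    {
        using (RSA key = userCert.GetRSAPrivateKey())
        {
            if (key == null) throw new InvalidOperationException("No private key reachable from this process.");
            return key.SignData(challenge, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Server side: only the public certificate (DER bytes) is needed to verify.
    public static bool VerifyOnServer(byte[] publicCertDer, byte[] challenge, byte[] signature)
    {
        using (var cert = new X509Certificate2(publicCertDer))
        using (RSA pub = cert.GetRSAPublicKey())
            return pub != null && pub.VerifyData(challenge, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed stand-in for the card: a software RSA key and a self-signed certificate.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-demo-user", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 userCert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                byte[] challenge = NewChallenge();
                byte[] sig = SignOnClient(userCert, challenge);
                byte[] publicOnly = userCert.Export(X509ContentType.Cert);   // no private key included
                Console.WriteLine("signature over issued challenge accepted: " + VerifyOnServer(publicOnly, challenge, sig));
                Console.WriteLine("same signature against a new challenge accepted: " + VerifyOnServer(publicOnly, NewChallenge(), sig));
            }
        }
    }
}
```

In a deployment, `SignOnClient` belongs in whatever client-side component has access to the reader, and the server should also validate the certificate chain and revocation status before trusting the public key.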