How to get information from a security token using C#

I need users of my applications to sign their approvals using their personal USB security token.

I managed to sign the data, but I could not get information about which token was used for this.

Here is the code that I still have:

    using System;
    using System.Security.Cryptography;

    CspParameters csp = new CspParameters(1, "SafeNet RSA CSP");
    csp.Flags = CspProviderFlags.UseDefaultKeyContainer;
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);

    // Create some data to sign.
    byte[] data = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };
    Console.WriteLine("Data : " + BitConverter.ToString(data));

    // Sign the data using the Smart Card CryptoGraphic Provider.
    byte[] sig = rsa.SignData(data, "SHA1");
    Console.WriteLine("Signature : " + BitConverter.ToString(sig));

There is a field in the token information called the "Token Name". How can I access this field to confirm that the token was used to sign the approval?


Additional information and update:

  • "Token Name" always matches the name of the owner (the user who owns the USB token)
  • It seems that this is not possible; perhaps there is a web service that I need to call to get information directly from the certification body.
+6
1 answer

When I asked the question, my approach to digital certificates was very simple, so the question was not asked properly. Now I understand that I need to access the certificate from the smart card device, request its attributes and check if the user can enter a strong PIN for it.

Here is the code I used for this:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    // Body of a method that returns a status string; pUserADLogin is the
    // caller-supplied Active Directory login of the current user.

    // Prompt the user with the list of certificates in the local store.
    // The user has to select the certificate he wants to use for signing.
    // Note: All certificates from the USB device are automatically copied to
    // the local store as soon as the device is plugged in.
    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    X509CertificateCollection certificates = X509Certificate2UI.SelectFromCollection(
        store.Certificates,
        "Certificados conocidos",
        "Por favor seleccione el certificado con el cual desea firmar",
        X509SelectionFlag.SingleSelection);
    store.Close();

    X509Certificate2 certificate = null;
    if (certificates.Count != 0)
    {
        // The selected certificate
        certificate = (X509Certificate2)certificates[0];
    }
    else
    {
        // The user didn't select a certificate
        return "El usuario canceló la selección de un certificado";
    }

    // Check certificate attributes to identify the type of certificate (censored)
    if (certificate.Issuer != "CN=............................., OU=................., O=..., C=US")
    {
        // The selected certificate is not of the needed type
        return "El certificado seleccionado no corresponde a un token ...";
    }

    // Check if the certificate is issued to the current user
    if (!certificate.Subject.ToUpper().Contains(("E=" + pUserADLogin + "@censoreddomain.com").ToUpper()))
    {
        return "El certificado seleccionado no corresponde al usuario actual";
    }

    // Check if the token is currently plugged in
    XmlDocument xmlDoc = new XmlDocument();
    XmlElement element = xmlDoc.CreateElement("Content", SignedXml.XmlDsigNamespaceUrl.ToString());
    element.InnerText = "comodin";
    xmlDoc.AppendChild(element);

    SignedXml signedXml = new SignedXml();
    try
    {
        signedXml.SigningKey = certificate.PrivateKey;
    }
    catch
    {
        // USB token is not plugged in
        return "El token no se encuentra conectado al equipo";
    }

    DataObject dataObject = new DataObject();
    dataObject.Data = xmlDoc.ChildNodes;
    dataObject.Id = "CONTENT";
    signedXml.AddObject(dataObject);

    Reference reference = new Reference();
    reference.Uri = "#CONTENT";
    signedXml.AddReference(reference);

    // Attempt to sign the data. The user will be prompted to enter his PIN
    try
    {
        signedXml.ComputeSignature();
    }
    catch
    {
        // User didn't enter the correct PIN
        return "Hubo un error confirmando la identidad del usuario";
    }

    // The user has signed with the correct token
    return String.Format("El usuario {0} ha firmado exitosamente usando el token con serial {1}",
        pUserADLogin, certificate.SerialNumber);

Sources:

  • http://stormimon.developpez.com/dotnet/signature-electronique/ (in French)
  • https://www.simple-talk.com/content/print.aspx?article=1713 (in English)

+4
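
A verification routine for the party that receives the approval, given as an added example that is not part of the original answer: it validates the certificate chain rather than comparing the `Issuer` string, matches the e-mail name exactly rather than as a substring of `Subject`, and verifies the signature over the approval data itself with the certificate's public key. `TokenApprovalCheck`, `Verify`, its parameters and the thumbprint placeholder are assumptions made for illustration, as is the use of SHA-256 with PKCS#1 v1.5 padding on the signing side.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TokenApprovalCheck
{
    // Placeholder (assumption): thumbprint of the CA that issues the token certificates.
    const string PinnedCaThumbprint = "<ISSUING-CA-THUMBPRINT>";

    // Returns null when the approval is accepted, otherwise the reason it is rejected.
    public static string Verify(X509Certificate2 cert, string expectedEmail,
                                byte[] approvalData, byte[] signature)
    {
        // 1. Build and validate the chain. An Issuer string can be copied by any
        //    self-issued certificate; a chain to a trusted root cannot.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            if (!chain.Build(cert))
                return "certificate chain validation failed";

            // 2. Require the pinned CA above the leaf (element 0 is the leaf itself).
            bool pinned = false;
            for (int i = 1; i < chain.ChainElements.Count; i++)
                pinned |= string.Equals(chain.ChainElements[i].Certificate.Thumbprint,
                                        PinnedCaThumbprint, StringComparison.OrdinalIgnoreCase);
            if (!pinned) return "certificate was not issued by the expected CA";
        }

        // 3. Compare the whole e-mail name, so "x" + expectedEmail does not match.
        string email = cert.GetNameInfo(X509NameType.EmailName, false);
        if (!string.Equals(email, expectedEmail, StringComparison.OrdinalIgnoreCase))
            return "certificate does not belong to the expected user";

        // 4. Verify the signature over the approval data, not over a fixed string.
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            if (rsa == null || !rsa.VerifyData(approvalData, signature,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                return "signature does not verify against this certificate";
        }
        return null;
    }
}
```

Storing the signature and the certificate's serial number next to the approval record lets the same check be repeated later.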