Detached PKCS#7 CMS With Strong Private Key Protection

牧云@^-^@ submitted on 2019-12-11 10:01:30

Question


I need to generate a PKCS#7/CMS detached signature, and I know I can do it easily that way:

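    // Namespaces used below (SignedCms/CmsSigner live in System.Security.dll on .NET Framework).
    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;

    // Body of the signing method. GetBytesFromFile is the poster's own helper (not shown).
    byte[] data = GetBytesFromFile(cheminFichier);

    // Let the user pick a certificate from the CurrentUser\My store.
    X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    my.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certColl = X509Certificate2UI.SelectFromCollection(my.Certificates, "Test", "Choose a certificate", X509SelectionFlag.SingleSelection);

    // The collection is empty when the dialog is cancelled, so check Count before indexing.
    if (certColl.Count == 0) throw new Exception("No certificates found.");
    X509Certificate2 certificate = certColl[0];

    //byte [] pfxFile = certificate.Export(X509ContentType.Pfx);
    //X509Certificate2 certPfx = new X509Certificate2(pfxFile);

    // OID 1.2.840.113549.1.7.1 is PKCS#7 "data"; the second argument (true) makes the signature detached.
    ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1"), data);
    SignedCms signedCms = new SignedCms(content, true);

    CmsSigner signer = new CmsSigner(certificate);
    signer.DigestAlgorithm = new Oid("SHA1"); // sha1

    // create the signature
    signedCms.ComputeSignature(signer);
    return signedCms.Encode();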

But! The users of this application imported their certificates using Strong Private Key Protection. I've found some info on that; some people say that type of case can't work in the .NET Framework, and that surprises me. I'd like to know if anybody has a workaround, or has a solution to this.

Basically, my users give me a file name (PDF or RTF), and then I search for their certificate in the My store and use the private key associated with it to produce the signature. At this moment, I want the user to be asked to enter his Private Key password; that way the application doesn't receive the password.

Source: https://stackoverflow.com/questions/15346009/detached-pkcs7-cms-with-strong-private-key-protection
