C# Cades P7M with Smartcard

Posted by 假装没事ソ on 2020-01-05 08:31:40

Question


I read this post on how to sign a file with the BouncyCastle dll in C# and I would like to know if it is possible to find some support for certificates stored in a smartcard.

What I'm trying to do is to create a P7M CAdES, but it seems impossible to find any documentation, .NET classes or free library.


Answer 1:


You can also try this C# ported version of a European Commission initiative:

DSS .NET

It supports CAdES. Try using the MSCAPISignatureToken and the guide in the CookBook:

CookBook




Answer 2:


I used DSS.NET with this code:

using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using EU.Europa.EC.Markt.Dss;
using EU.Europa.EC.Markt.Dss.Signature;
using EU.Europa.EC.Markt.Dss.Signature.Cades;
using EU.Europa.EC.Markt.Dss.Signature.Token;

private static void SignP7M(X509Certificate2 card, string sourcepath)
{
    var service = new CAdESService();

    // Creation of MS CAPI signature token: the private key never leaves the
    // smartcard, it is used through the CSP registered by the card driver
    var token = new MSCAPISignatureToken { Cert = card };

    var parameters = new SignatureParameters
    {
        SignatureAlgorithm = SignatureAlgorithm.RSA,
        SignatureFormat = SignatureFormat.CAdES_BES,
        DigestAlgorithm = DigestAlgorithm.SHA256,
        // ENVELOPING: the signed content is embedded inside the .p7m
        SignaturePackaging = SignaturePackaging.ENVELOPING,
        SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
        SigningDate = DateTime.UtcNow
    };

    var toBeSigned = new FileDocument(sourcepath);

    // Bytes (signed attributes) that the card has to sign
    var iStream = service.ToBeSigned(toBeSigned, parameters);

    // Sign with the first key exposed by the token
    var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);

    var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);

    var dest = sourcepath + ".p7m";
    if (File.Exists(dest)) File.Delete(dest);
    using (var fout = File.OpenWrite(dest))
    {
        signedDocument.OpenStream().CopyTo(fout);
    }
}

You can get the card in two ways:

  • from cert store
  • from cert serial number

Here are the samples:

// Requires: using System.Linq; (for Cast/FirstOrDefault)
public static X509Certificate2 GetCertificate(string _certSn)
{
    // Selection of the signing token by certificate serial number
    var st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    st.Open(OpenFlags.ReadOnly);
    var col = st.Certificates;
    var card = col.Cast<X509Certificate2>().FirstOrDefault(t => t.SerialNumber == _certSn);

    st.Close();

    return card;
}


// Lets the user pick the signing certificate from the store with the standard Windows dialog
public static X509Certificate2 selectCert(StoreName store, StoreLocation location, string windowTitle, string windowMsg)
{
    X509Certificate2 certSelected = null;
    X509Store x509Store = new X509Store(store, location);
    x509Store.Open(OpenFlags.ReadOnly);

    X509Certificate2Collection col = x509Store.Certificates;
    X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, windowTitle, windowMsg, X509SelectionFlag.SingleSelection);

    if (sel.Count > 0)
    {
        certSelected = sel[0];
    }

    x509Store.Close();

    return certSelected;
}
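An added check, not part of the answer above: after SignP7M has written the enveloping .p7m, this verifies the CMS signature(s) with the .NET SignedCms class (System.Security.Cryptography.Pkcs, not DSS.NET) and extracts the embedded payload. The method name and the chain-trust switch are this example's own.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

public static class P7MVerifier
{
    // Decodes an enveloping .p7m, checks every signature and returns the
    // original content. Throws CryptographicException on any failure.
    // requireTrustedChain == true also validates each signer's certificate
    // chain against the local trust store; false checks only the signature.
    public static byte[] VerifyAndExtract(string p7mPath, bool requireTrustedChain)
    {
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(p7mPath));

        // ENVELOPING packaging means the content must be inside the CMS
        if (cms.Detached)
            throw new CryptographicException("Detached signature: no embedded content in " + p7mPath);

        if (cms.SignerInfos.Count == 0)
            throw new CryptographicException("No SignerInfo present");

        cms.CheckSignature(verifySignatureOnly: !requireTrustedChain);

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            X509Certificate2 cert = signer.Certificate;
            if (cert == null)
                throw new CryptographicException("Signer certificate not included in the CMS");

            Console.WriteLine("Signer: {0}, serial {1}, valid {2:u} .. {3:u}",
                cert.Subject, cert.SerialNumber, cert.NotBefore, cert.NotAfter);
        }

        return cms.ContentInfo.Content;
    }

    // Example use: restores "file.pdf" from "file.pdf.p7m" once verified.
    public static void Main(string[] args)
    {
        string p7m = args.Length > 0 ? args[0] : "document.pdf.p7m";   // constructed sample path
        byte[] payload = VerifyAndExtract(p7m, requireTrustedChain: false);
        File.WriteAllBytes(Path.ChangeExtension(p7m, null), payload);
        Console.WriteLine("Verified, extracted {0} bytes", payload.Length);
    }
}
```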



Answer 3:


If the smartcard is mapped to the Windows certificate store, then you can use the certificates available via CryptoAPI. If the smartcard is available via PKCS#11, you can use the PKIBlackbox package of our SecureBlackbox product to use it. PKIBlackbox also supports the CAdES format, not just PKCS#7/CMS.



Source: https://stackoverflow.com/questions/17706020/c-sharp-cades-p7m-with-smartcard
