
SmartCard Signature

Open israelaece opened this issue 4 years ago • 1 comments

I'm using CmsSignedDataGenerator class to generate P7S files, but when I use a certificate stored in a smart card (USB), I receive the following exception:

```csharp
var cert = Certs.Find(thumbprint: "3fe7392cfa03bec156aac0dbb231ada33fc758f6");
var pvtKey = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;

gen.AddSigner(pvtKey, ...);
```

Unhandled Exception: System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

Is there some trick to use BouncyCastle to sign documents with certificates stored in USB/smartcard?

israelaece, Feb 01 '21 12:02

Hello @israelaece, smart cards usually provide a PKCS11 interface. An example of how to create a p7s signature using BC and a smart card is here https://github.com/jariq/Pkcs7SignatureGenerator.

A similar method is used to sign using the Windows Cert Store for certificates that do not export private keys.

harrison314, Jul 28 '22 07:07
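The Windows Cert Store variant mentioned in the answer above, as an added example that is not code from this issue or from the linked repository: BouncyCastle builds the CMS structure while the signature itself is computed through the certificate's key handle, so the private key never has to be exported. It assumes the BouncyCastle.Cryptography 2.x package, a card whose driver exposes the certificate in the Windows store, and RSA with SHA-256; `DeviceRsaSignatureFactory` and `P7sSigner` are hypothetical names.

```csharp
// Added example. Assumes BouncyCastle.Cryptography 2.x; class names are hypothetical.
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities.Collections;

// Adapter: BC hands over the bytes to be signed, the key handle signs them.
sealed class DeviceRsaSignatureFactory : ISignatureFactory
{
    private readonly RSA _rsa;
    public DeviceRsaSignatureFactory(RSA rsa) { _rsa = rsa; }

    public object AlgorithmDetails =>
        new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption, DerNull.Instance);
    public IStreamCalculator<IBlockResult> CreateCalculator() => new Calculator(_rsa);

    private sealed class Calculator : IStreamCalculator<IBlockResult>
    {
        private readonly RSA _rsa;
        private readonly MemoryStream _buffer = new MemoryStream();
        public Calculator(RSA rsa) { _rsa = rsa; }
        public Stream Stream => _buffer;
        // MemoryStream.ToArray() still works if the stream was disposed first.
        public IBlockResult GetResult() => new SimpleBlockResult(
            _rsa.SignData(_buffer.ToArray(), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}

static class P7sSigner
{
    public static byte[] Sign(X509Certificate2 cert, byte[] content)
    {
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new CryptographicException("Certificate has no usable RSA key handle.");
        var bcCert = DotNetUtilities.FromX509Certificate(cert);
        var gen = new CmsSignedDataGenerator();
        gen.AddSignerInfoGenerator(
            new SignerInfoGeneratorBuilder().Build(new DeviceRsaSignatureFactory(rsa), bcCert));
        gen.AddCertificates(CollectionUtilities.CreateStore(new[] { bcCert }));
        // false = detached signature: the .p7s does not embed the content
        return gen.Generate(new CmsProcessableByteArray(content), false).GetEncoded();
    }
}
```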