[Mono-list] Can SignedCms be usable?

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Jun 3 08:15:24 EDT 2008


On Tue, 2008-06-03 at 10:34 +0200, Mathias Tausig wrote:
> >> unless you know the details of the private
> >> key?
> >
> > Not sure if I understand your meaning. Windows tends to "hide" the
> > private keys (in its stores) from the users. However there's nothing
> > you can do, with them, unless you know their "details" (i.e. at least
> > how to access or use, not necessarily read, it).
> >
> 
> What I mean is that it obviously only works with software keys but not
> with hardware tokens (which can be used via an overloaded
> AsymmetricAlgorithm class in SignedXml).

What is the basis of this "obvious" assertion? The API is identical so
it should[1] work with either software or hardware[2] based crypto.
However your job may be a bit more complex if your hardware does not
provide the same level of functionality as the API requires.

[1] it's a bit more complex under MS implementation since the
[RSA|DSA]CryptoServiceProvider are special cases that do not play well with
other, more general, classes. A possible solution is to supply a native
CSP and use the *CryptoServiceProvider to access it (but that won't work
on Mono).

[2] some hardware, like smartcards, have limitations that do not fit
well with (most) cryptographic APIs. E.g. some will do the padding
themselves and that, in the .NET framework case, will require you to
provide your own [Def|F]ormatter classes.

Sebastien

p.s. you jumped from SignedCms to SignedXml ;-)
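
Footnote [2] above, as an added example that is not part of the original post or of Mono/.NET: a signature formatter that hands the bare hash to a token which applies the PKCS#1 v1.5 padding itself. TokenKey, SignOnCard, PublicParameters and TokenSignatureFormatter are hypothetical names, the token is simulated with a software RSA key, and the RSA.SignHash/VerifyHash overloads used are from current .NET rather than the 2008 framework.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical key handle for a token that pads on-card: it accepts only the bare
// hash and returns a finished PKCS#1 v1.5 signature. A software RSA key simulates it.
sealed class TokenKey : AsymmetricAlgorithm
{
    readonly RSA card = RSA.Create();   // stands in for the key held by the token
    public override string SignatureAlgorithm => "RSA";
    public override string KeyExchangeAlgorithm => null;
    public override void FromXmlString(string xml) => throw new NotSupportedException();
    public override string ToXmlString(bool includePrivate) => throw new NotSupportedException();
    public byte[] SignOnCard(byte[] hash, HashAlgorithmName alg) =>
        card.SignHash(hash, alg, RSASignaturePadding.Pkcs1);
    public RSAParameters PublicParameters => card.ExportParameters(false);
    protected override void Dispose(bool disposing) { if (disposing) card.Dispose(); base.Dispose(disposing); }
}

// Formatter that forwards the hash untouched instead of building the padding in software.
sealed class TokenSignatureFormatter : AsymmetricSignatureFormatter
{
    TokenKey key;
    HashAlgorithmName alg = HashAlgorithmName.SHA1;
    public override void SetKey(AsymmetricAlgorithm k) =>
        key = k as TokenKey ?? throw new ArgumentException("expected a TokenKey", nameof(k));
    public override void SetHashAlgorithm(string name) => alg = new HashAlgorithmName(name.ToUpperInvariant());
    public override byte[] CreateSignature(byte[] rgbHash) =>
        (key ?? throw new CryptographicUnexpectedOperationException("no key set")).SignOnCard(rgbHash, alg);
}

static class Demo
{
    static void Main()
    {
        using (var sha = SHA256.Create())
        using (var key = new TokenKey())
        using (var pub = RSA.Create())
        {
            byte[] hash = sha.ComputeHash(Encoding.UTF8.GetBytes("constructed sample message"));
            AsymmetricSignatureFormatter fmt = new TokenSignatureFormatter();
            fmt.SetKey(key);
            fmt.SetHashAlgorithm("SHA256");
            byte[] sig = fmt.CreateSignature(hash);
            // Verify with the public half only, as a relying party would.
            pub.ImportParameters(key.PublicParameters);
            Console.WriteLine(pub.VerifyHash(hash, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```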



