[Mono-list] Can SignedCms be usable?

Mathias Tausig mtausig at fsmat.at
Tue Jun 3 09:27:19 EDT 2008


> On Tue, 2008-06-03 at 10:34 +0200, Mathias Tausig wrote:
>> >> unless you know the details of the private
>> >> key?
>> >
>> > Not sure if I understand your meaning. Windows tends to "hide" the
>> > private keys (in its stores) from the users. However there's nothing
>> > you can do, with them, unless you know their "details" (i.e. at least
>> > how to access or use, not necessarily read, it).
>> >
>>
>> What I mean is that it obviously only works with software keys but not
>> with hardware tokens (which can be used via an overloaded
>> AsymmetricAlgorithm class in SignedXml).
>
> What is the basis of this "obvious" assertion? The API is identical so
> it should[1] work with either software or hardware[2] based crypto.
> However your job may be a bit more complex if your hardware does not
> provide the same level of functionality as the API requires.

I've looked through some code samples and the MSDN articles on the Cms
classes and that led me to the assumption that the code uses Windows-specific
stuff (Windows certificate store, installed CSPs) to get hold of the
private key, which makes it impossible for me to use it on non-Windows
systems with a smartcard.

>
> [1] it's a bit more complex under MS implementation since the [RSA|
> DSA]CryptoServiceProvider are special cases that do not play well with
> other, more general, classes. A possible solution is to supply a native
> CSP and use the *CryptoServiceProvider to access it (but that won't work
> on Mono).

I guess that writing my own CSP is not really an option, especially since
I want a portable program.

> [2] some hardware, like smartcards, has limitations that do not fit
> well with (most) cryptographic APIs. E.g. some will do the padding
> themselves and that, in the .NET framework case, will require you to
> provide your own [Def|F]ormatter classes.
>
> Sebastien
>
> p.s. you jumped from SignedCms to SignedXml ;-)
>
On purpose. I just wanted to state that what I want to do worked for me for
SignedXml (by deriving from RSA, and with your help, of course :-) ) but
does not seem to work for PKCS#7 signatures, at least wast of windows ...

cheers
Mathias