SignedXml, X509Certificate2 and certificates with *Strong* protection

I have tried to use the System.Security.Cryptography.Xml.SignedXml class  
to sign an Xml message with Xml-DSIG and using an Enveloped signature type  
and the sha1RSA algorithm. Everything works fine with soft certificates  
and some smartcard based certificates. I'm using X509Certificate2 to hold  
the certificates. My problem is that our customers is forced (by law!) to  
use a smart-card based personal certificate with strong protection. That  
is a certificate that can't be accessed without the user being informed.  
If a message is to be signed, the user will have to punch his pin code for  
every message he?s signing. When I try to get the  
X509Certificate2.PrivateKey property to set the SigningKey property in the  
SignedXml class, it fails. I found a link to a message indicating the  
reason why: http://www.ureader.com/message/200413.aspx. It says there:  
"noticed that the CryptAcquireCertificatePrivateKey() call  was using a  
"silent" flag". It looks like the X509Certificate2 class is using  
CryptoApi, and the PrivateKey property's get method is using  
CryptAcquireCertificatePrivateKey() with the second parameter including  
the CRYPT_ACQUIRE_SILENT_FLAG. That will not work with these certificates.

Now to my question: Is there any way to circumvent this? If the SignedXml  
class could compute and expose the Hash-value, I could use InterOp and  
write a small c++ routine that signs the hash, and returns the signature,  
but it looks like the ComputeSignature is an atomic operation preventing  
any customization. I already have working c++ code for signing a hash  
using certificates with strong protection, using CryptoApi, but I hoped I  
didn't have to write all the Xml-handling myself, but could use the  
SignedXml class for that. Or most preferable: Force X509Certificate2 to  
allow the CSP to show the PIN-dialog before returning the algorithm.


Regards

Rune Nergard
0
rahn1 (1)
6/15/2006 9:13:09 AM
dotnet.xml 7266 articles. 0 followers. Follow

2 Replies
629 Views

Similar Articles

[PageSpeed] 21

Hi Rune,

The dotnet.xml newsgroup is mainly for Xml discussions. Since your question 
is about signing and security, besides posting in dotnet.security group, 
you can also post in the following one. There might be more professionals 
who can help you there. HTH.

microsoft.public.security.crypto

Kevin Yu
Microsoft Online Community Support

============================================================================
==========================
When responding to posts, please "Reply to Group" via your newsreader so 
that others may learn and benefit from your issue. 
============================================================================
==========================

(This posting is provided "AS IS", with no warranties, and confers no 
rights.)

0
v-kevy (347)
6/16/2006 5:17:54 AM
Hello!
You wrote  on Thu, 15 Jun 2006 11:13:09 +0200:

 RN> using CryptoApi, but I hoped I  didn't have to write all the
 RN> Xml-handling myself, but could use the  SignedXml class for that. Or
 RN> most preferable: Force X509Certificate2 to  allow the CSP to show the 
PIN-dialog
 RN> before returning the algorithm.

If you don't find an easier-to-use solution, check our XMLBlackbox  ( 
http://www.eldos.com/sbb/net-xml.php )

With best regards,
Eugene Mayevski
http://www.SecureBlackbox.com - the comprehensive component suite for 
network security 

0
mayevski (1)
6/17/2006 7:47:09 AM
Reply:

Similar Artilces:

Gift Certificates #7
I have a question that is probably more of a workflow related question. We have an implementation of RMS that is configured to issue gift certificates and vouchers. My question is how they get counted from a sales perspective. Lets say you have a gift certificate for a $100. A customer comes in to redeem that gift certificate for a $100 item. I would expect total sales for both transactions to be $100, however, RMS shows that the total is $200. If anyone could validate if this is correct and the general phylosphy around it, that would be great. Thanks in advance .... I'm no expert, ...

Hurray !!!! Passed Certifications Exam
Hurray !!!! Passed Certifications Exam Hello, Visit http://freeexamking.com/vendor.asp?v=7 to download all real exams actual questions and answers certification exams dumps like MCSE, MCTS, MBS, SCJB, A+, CCIE, CCNA, CCNP, Oracle 10g 9i, IBM, HP, Vmware and many more. ============================================================================= ...

MAKE ALL IT CERTIFICATIONS
MAKE ALL IT CERTIFICATIONS - A PIECE OF CAKE Hello Friends, Now all IT Certifications like MCSE, MCTS, MBS, SCJB, A+, CCIE, CCNA, CCNP, Oracle 10g 9i, IBM, HP, Vmware and many more are made a Piece of Cake. Visit Now http://www.FreeExamKing.com and become an IT Certified in first attempt. ...

To MVPs who installed OS 10.4: Tiger Keychain Access will NOT import MS certificates; MS article out of date
Help, please? When I asked a few days ago how to import the Microsoft Intermediate Certificate and Microsoft Entity Certificate from Panther's Users/~/Library/Keychains to Tiger's Users/~/Library Keychains J.E. McGimpsey thoughtfully responded "See: <http://support.microsoft.com/default.aspx?scid=kb;en-us;887413> Unfortunately, Tiger's Keychain Access Utility does is very different from Panther's, and the article at the above address refers to ways to import or re-create that no longer work. If I go into the Finder, I clearly see the two certificates in my user...

Workbook protection help
Recently one of my end-users has discovered a macro which allows th workbook protection password to be removed. This means she now has ful read-write access to the spreadsheet. Is there anyway for me to regain control? I can't use macros becaus they can be disabled. She needs read access but I want to prevent he from editing cell values or seeing formulas. I am using Excel 2002. Thanks for any help ----------------------------------------------- ~~ Message posted from http://www.ExcelTip.com ~~View and post usenet messages directly from http://www.ExcelForum.com Maybe you could get ...

Using Find on a protected worksheet
I have unlocked and unhiden all the cells I want to be able to searc and protected my worksheet with a password. When I try to use the exce Find It will not find anything. If I unprotect the sheet the find work great. When protecting I am allowing users to select unlocked cells only. have tried enabling all of the "allow" options but nothing works. I am using Excel 2003. How can I use FIND on a protected worksheet?? -- Message posted from http://www.ExcelForum.com Please disregard... For some strange reason it is working now... I hav no clue why.... HOWEVER! I really do NOT want...

line of credit
i set up a line of credit acct in money 2003 tied to my checking account. this is credit card acting like an overdraft protection acct. if i overdraw my chekcing acct, it deposits money into the checking acct. cannot figure out how to track this in money. should i do it as with a credit card - track the "expense" (deposits into my checking acct) in the line of credit acct, and then treat the payments to the line of credit account from the checking acct as transfers? No new expense is involved here. The only expense will be the interest added to the ODP account. Just do a tr...

How do I lock the Column without Protecting the Sheet
I want to Lock a Column without protecting the sheet. the user can enter anything in other columns but he/she should not alter anything in particular column that i locked Protecting the sheet is - by far - the easiest way, otherwise you must useVBA to capture and deny changes to that column. I think you'd have to be pretty elaborate, too, to trap all potential changes. "sgmoorthy" wrote: > I want to Lock a Column without protecting the sheet. > the user can enter anything in other columns but he/she should not alter > anything > in particular column that i loc...

XmlDsigC14NTransform signedXml.ComputeSignature()
1. signedXml.ComputeSignature() outputs a digest value of something. what is it? I mean, how can i get it? I get the canonical form of my xml with XmlDsigC14NTransform then digest it but the digest value is different. 2.signedXml.ComputeSignature() uses XmlDsigC14NTransform. But how? What are the parameters? I also need to obtain canonicalized XML in C14N format, but I haven't discovered how to do it. When I compare the DigestValue gen'd by ComputeSignature and my own DigestValue gen'd using ComputeHash, I get different values, but only when namespaces are involved. "Lemba...

Protect all Sheets
I would like a macro that will protect all sheets in a workbook. However, to confuse things I would like them all to be protected with the protection settings that currently apply to each sheet (eg. Allow cell formatting, etc). Hopefully this is possible...... ...

Certificate Request: Who am I?
I am purchasing a CA issued certificate for the purpose of enabling ActiveSync and OWA. Please forgive my likely mis-use of terminology. I hope I get the message right. We have been using the following configuration for several years: company.com = 68.x.x.1 via our name server A record. mail.company.com = 68.x.x.2 via our MX record. company.us = 68.x.x.2 (the same IP as mail.company.com) 68.x.x.1 is the outside interface of a PIX firewall that only accepts port 80 traffic for our web site. 68.x.x.2 is the outside interface of a second PIX firewall that only accepts SMTP ...

Beta testing an Excel 2007 certification test
In case anyone is interested, there is a free Beta test of an MS Excel 2007 Certification test available at Brainbench.com. Here is the link to find the test: http://www.brainbench.com/xml/bb/common/testcenter/betatests.xml This is not an advertisement, just a chance to test your knowledge and tell us about the test. Tracey Kelly Test Development Manager Brainbench, a PreVisor Company www.brainbench.com www.previsor.com TKelly <tke...@previsor.com> wrote... .... >This is not an advertisement, just a chance to test your knowledge >and tell us about the test. .... OK, it's s...

certificate for rpc over http
I'm running my own server (win203 server, iis6) and have setup a CA to issue a self signed certificate for use on my website. A user visiting my https internet site for the first time is prompted with the Security Alert stating: "the certificate is issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." The problem is when they choose to view the cert and click the "Install Certificate" button the Cert Import Wizard confirms "the import was successful" but the imported ce...

protecting cells
I am using Excel 2007. I want to keep a group of cells from being edited/sorted and still use the data from those cells. Is this possible? If so how do I do it. Maybe you can put them on a different sheet, and protect (and hide) that sheet. Hope this helps. Pete On Sep 30, 1:22=A0pm, "Joe" <jkathr...@cox.net> wrote: > I am using Excel 2007. I want to keep a group of cells from being > edited/sorted and still use the data from those cells. Is this possible? = If > so how do I do it. ...

SOS. Hide, protect and disable design view for ms access
SOS. Pls assist me to hide, protect n disable design view for ms access 2007.A ,ilion thanks 4 your kind touch. Regards, warba On Tue, 11 Dec 2007 10:53:37 -0800 (PST), warba60@gmail.com wrote: Database Tools > Make ACCDE -Tom. >SOS. Pls assist me to hide, protect n disable design view for ms >access 2007.A ,ilion thanks 4 your kind touch. > > >Regards, warba On Dec 12, 11:54 am, Tom van Stiphout <no.spam.tom7...@cox.net> wrote: > On Tue, 11 Dec 2007 10:53:37 -0800 (PST), warb...@gmail.com wrote: > > Database Tools > Make ACCDE > > -Tom. > &...

Checkbox for protection
I am new to excel, but have created a sheet that will allow a user t enter the time they start work, leave for lunch, return from lunch an clock out to go home along with a couple other functions. What I would like, and I saw on another sheet is a check box that whe checked will lock certain cells and hide the formula so the user ca not type in them. I have searched and read everywhere but can not seem to find the righ 'command' or coding. Can someone please point me in the right direction. Thanks, lilbpa -- Message posted from http://www.ExcelForum.com I can creat a simple macro a...

VB.NET http web request with client certificate
Hello! I need to send simple web request to a server that have network credentials + requires client certificate. I used the following code for network credentials, what should I do next to pass client certificate? Dim myURL As String = "https://someurl:portno" Try Dim request As HttpWebRequest request = HttpWebRequest.Create(myURL) request.Credentials = New Net.NetworkCredential("user", "pass") Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse) ...

Edit datalabel positions in a protected chart
Hi: I have a password protected chart. Users print it but do not edit it. Now, I want them to be able to edit only the position of the datalabels. How would I do it? Please help. Joy I don't believe XL supports that fine a level of control over charts. -- Regards, Tushar Mehta www.tushar-mehta.com Excel, PowerPoint, and VBA add-ins, tutorials Custom MS Office productivity solutions In article <936885B6-FF62-4724-87CC-C1854EE82865@microsoft.com>, Joy@discussions.microsoft.com says... > Hi: > > I have a password protected chart. Users print it but do not edit it. &g...

ENTOURAGE PASSWORD PROTECTION
Version: 2004 Operating System: Mac OS X 10.4 (Tiger) HOW CAN I SET UP ENTOURAGE SO THAT EACH TIME I OPEN THE APPLICATION IT ASKS FOR MY PASSWORD? I DO NOT WANT IT TO ASK EACH TIME I SEND/RECEIVE, ONLY WHEN I RE-OPEN THE APPLICATION. ANY HELP WOULD BE MOST APPRECIATED! THANKS! First, turn off the Caps Lock. It's difficult to read & is regarded as the equivalent of SHOUTING. Most programs - including Entourage - do not offer any such capability. If you want to regulate access to software or services it should be handle through account administration in OS X System Preferences, n...

Unable to find manifest signing certificate in the certificate store.
I inherited a Console program written in CSharp. I'm trying to make sense of it, so I tried to step through it in the debugger, but when I do I get an error message: "Unable to find manifest signing certificate in the certificate store." I pretty skilled in CSharp (though self-taught) but I really know nothing about certificates. Can someone help me here? How do I get around this? What does it do for me? How was it created? TIA, Dom ...

protect worksheet
I set protection to my worksheet, but it does not work. There are some parts in the worksheet that the protection does not work and can edit. Why protection does not apply to whole worksheet? How can I fix it? Could you please help me? Thanks, selen Format cell - Protection Make sure there's a checkmark in the Locked field. -- Best Regards, Luke M "Selen" <Selen@discussions.microsoft.com> wrote in message news:C909593F-A360-463A-A0CA-1DB23673F4ED@microsoft.com... >I set protection to my worksheet, but it does not work. There are some >par...

SignedXML #2
Hello, I'm trying to create signed XML document with SignedXml class. As a SigningKey I'd like to use key pair obtained from user certificate stored in current user certificate store. I'm using WSE 2 SP 2 to get certificate, but when I'm invoking ComputeSignature() method of SignedXML instance I recive the following exception: "An unhandled exception of type 'System.NotSupportedException' occurred in microsoft.web.services2.dll Additional information: DecryptValue" I'd also like to mention, that when I try to export key's parameters I recive the fol...

Stop from Selecting a Protected Cell
Hi all, I am using XL2002. I have protected a cell by locking it - Format Cells>Protection tab>Locked. Then, I protect the worksheet - Tools >Protection>Protect Worksheet>without ticking on either Select Locked Cell or Select Unlocked Cell>type the password>OK. Then, I save the workbook. I protect the cell so that users cannot change the formula in it or even select the cell. I save the workbook. BUT when I open that workbook in other computers (with Excel 97/2000/2002), I can still able to select that cell eventhough I cannot write in it. Why does this happen? How to ...

Cannot expand/collapse outline groups on protected sheet
A continual frustration for us has been the inability to expand/collapse outline groups when a sheet is protected in Excel 2007. There are many options that can be excluded when protecting a sheet, but we do not see an exclusion for the outline option. Is there another option somewhere that will allow the user to perform this operation on a protected sheet? The only other option would be to put in macros that unprotect the sheet, hide or unhide certain groups, and then protect again. In most situations I don't think this is a very workable solution. Blue Max wrote: > > A...

Copy Protection Device
I had to replace the motherboard, and now the computer will not recognize the dongle. Does anyone know what I need to do? Go to Device Manager, find the dongle under USB devices, remove it from there, remove the physical dongle from the computer too, reboot the computer, insert the dongle, wait for the prompt "Found new hardware", put in the orginal RMS CD, let the system search for the dongle driver on the CD, let the system install the driver. It is going to work after this. "Sharon" wrote: > I had to replace the motherboard, and now the computer will not r...