SmartCard-HSM

SmartCard-HSM

Bojan Buić
Hello,

I would like to use my HSM device (http://www.smartcard-hsm.com/) through a .NET application for storage of an X509 certificate.
I don't know how to set up the CSP provider (OpenSC) for this device/USB HSM.
I tried to install OpenSC and use RSACryptoServiceProvider with CSPParameters set to "Microsoft Base Smart Card Crypto Provider" and provider type = 1, but I got this error:

A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate. Contact your system administrator

Help ?

--
Bojan Buić



------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Re: SmartCard-HSM

Vincent Le Toux
Just replace "Microsoft Base Smart Card Crypto Provider" by "OpenSC CSP" and it will work.

Note: the CSP name should not be hardcoded.
You should call SCard* functions to ask for a card and then determine the CSP name from the card name (see below).

The OpenSC CSP is an alias for the Base smart card crypto. It is used to avoid the ask for a smart card driver each time it is installed. But this trick doesn't work for ECC smart card logon => I'll have to think about something else

Here is some C# code to ask for a card and get the CSP name:

using System;
using System.ComponentModel;            // Win32Exception
using System.Runtime.InteropServices;   // Marshal, DllImport, StructLayout
using System.Text;                      // StringBuilder
using System.Windows.Interop;           // WindowInteropHelper (WPF)

// Member of a WPF Window class: "this" is the window that owns the dialog.
private string GetSmartCardProvider()
{
    IntPtr hContext = IntPtr.Zero;
    // get the XAML window handle
    WindowInteropHelper helper = new WindowInteropHelper(this);
    IntPtr reader = IntPtr.Zero;
    IntPtr card = IntPtr.Zero;

    int error = 0;
    try
    {
        // dwScope 0 = SCARD_SCOPE_USER; both reserved pointers must be NULL
        error = NativeMethods.SCardEstablishContext(0, IntPtr.Zero, IntPtr.Zero, ref hContext);
        if (error != 0)
            throw new Win32Exception(error, "SCardEstablishContext 0x" + error.ToString("X"));

        // output buffers: 256 UTF-16 characters (512 bytes) each
        reader = Marshal.AllocHGlobal(512);
        card = Marshal.AllocHGlobal(512);
        NativeMethods.OPENCARDNAME_EX dlgStruct = new NativeMethods.OPENCARDNAME_EX();
        // for XAML
        dlgStruct.hwndOwner = helper.Handle;
        dlgStruct.hSCardContext = hContext;
        dlgStruct.dwFlags = 1; // SC_DLG_MINIMAL_UI
        dlgStruct.lpstrRdr = reader;
        dlgStruct.nMaxRdr = 256;
        dlgStruct.lpstrCard = card;
        dlgStruct.nMaxCard = 256;
        //dlgStruct.lpstrTitle = "Select Card";
        // must be the last
        dlgStruct.dwStructSize = Marshal.SizeOf(dlgStruct);
        error = NativeMethods.SCardUIDlgSelectCard(ref dlgStruct);
        if (error != 0)
            throw new Win32Exception(error, "SCardUIDlgSelectCard 0x" + error.ToString("X"));

        // read the card name up to its null terminator
        // (copying all 512 bytes would keep whatever follows the terminator)
        string sCard = Marshal.PtrToStringUni(card);

        int providerNameLength = 1024;
        StringBuilder providerName = new StringBuilder(providerNameLength);
        error = NativeMethods.SCardGetCardTypeProviderName(
            hContext,
            sCard,
            2, // SCARD_PROVIDER_CSP
            providerName,
            ref providerNameLength
        );
        // the return code was previously ignored
        if (error != 0)
            throw new Win32Exception(error, "SCardGetCardTypeProviderName 0x" + error.ToString("X"));

        return providerName.ToString();
    }
    finally
    {
        if (hContext != IntPtr.Zero)
            NativeMethods.SCardReleaseContext(hContext);
        if (card != IntPtr.Zero)
            Marshal.FreeHGlobal(card);
        if (reader != IntPtr.Zero)
            Marshal.FreeHGlobal(reader);
    }
}

// P/Invoke declarations referenced above as NativeMethods.*
internal static class NativeMethods
{
    // the reserved parameters are pointers (LPCVOID), so IntPtr rather than uint
    [DllImport("winscard.dll")]
    internal static extern int SCardEstablishContext(UInt32 dwScope,
        IntPtr pvReserved1,
        IntPtr pvReserved2,
        ref IntPtr phContext);

    [DllImport("winscard.dll")]
    internal static extern int SCardReleaseContext(IntPtr hContext);

    [DllImport("Scarddlg.dll", EntryPoint = "SCardUIDlgSelectCardW")]
    internal static extern int SCardUIDlgSelectCard(ref OPENCARDNAME_EX pDlgStruc);

    [DllImport("winscard.dll", CharSet = CharSet.Unicode)]
    internal static extern int SCardGetCardTypeProviderName(
        IntPtr hContext,
        string szCardName,
        uint dwProviderId,
        StringBuilder szProvider,
        ref int pcchProvider);

    // layout of OPENCARDNAME_EXW; the W entry point takes wide strings (LPWStr)
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    internal struct OPENCARDNAME_EX
    {
        public int dwStructSize;
        public IntPtr hSCardContext;
        public IntPtr hwndOwner;
        public int dwFlags;
        [MarshalAs(UnmanagedType.LPWStr)]
        public string lpstrTitle;
        [MarshalAs(UnmanagedType.LPWStr)]
        public string lpstrSearchDesc;
        public IntPtr hIcon;
        public IntPtr pOpenCardSearchCriteria;
        public IntPtr lpfnConnect;
        public IntPtr pvUserData;
        public int dwShareMode;
        public int dwPreferredProtocols;
        public IntPtr lpstrRdr;
        public int nMaxRdr;
        public IntPtr lpstrCard;
        public int nMaxCard;
        public int dwActiveProtocol;
        public IntPtr hCardHandle;
    }
}

regards,
Vincent

--
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com



Re: SmartCard-HSM

Vincent Le Toux
In reply to this post by Bojan Buić
Run certutil -scinfo and copy/paste the containername into the CSP param

(the error is that the container couldn't be found)

regards,
Vincent

2015-10-05 21:33 GMT+02:00 Bojan Buić <[hidden email]>:
Thanks Vincent,

I just replaced "Microsoft Base Smart Card Crypto Provider" with "OpenSC CSP", and now when I call the digital signature on my XML through SignedXml and RSACryptoServiceProvider (with CSP param: "OpenSC CSP") it asks me for the PIN, but after I enter the password I get an error like:

The card cannot be accessed because the wrong PIN was presented.

I am pretty sure that the password is correct.

Why ?

I use OpenSC 0.15.0

Bojan




--
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com
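
The two replies combined, as an added example that is not part of the thread or of OpenSC: the CSP name resolved from the card and the container name from certutil -scinfo are both passed in CspParameters, and the key is opened with UseExistingKey so that a wrong container name fails instead of creating a new key. CardSigner and SignWithCardKey are hypothetical names; the caller supplies both strings.

```csharp
// Added example. Requires a reference to System.Security (SignedXml).
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class CardSigner // hypothetical helper name
{
    // providerName:  CSP name resolved from the inserted card, not hardcoded.
    // containerName: key container name shown by "certutil -scinfo".
    public static XmlElement SignWithCardKey(XmlDocument doc,
                                             string providerName,
                                             string containerName)
    {
        // Provider type 1 (PROV_RSA_FULL), as used in the thread.
        var csp = new CspParameters(1, providerName, containerName)
        {
            // Open only a key that already exists in that container. Without
            // this flag .NET tries to create the container and generate a new
            // key pair when the name matches nothing on the card.
            Flags = CspProviderFlags.UseExistingKey
        };

        using (var rsa = new RSACryptoServiceProvider(csp))
        {
            var signedXml = new SignedXml(doc) { SigningKey = rsa };

            // Enveloped signature over the whole document (URI "").
            var reference = new Reference("");
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);

            // Private-key operation: the CSP prompts for the card PIN.
            signedXml.ComputeSignature();
            return signedXml.GetXml();
        }
    }
}
```

The returned Signature element is attached with doc.DocumentElement.AppendChild(doc.ImportNode(signature, true)).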
