Performing a digital signature using X509Certificate2 prompt for a password to use private key
How can i make sure the C# code uses a password to use the certificate's private key? The certificate is installed in the CurrentUser/Personal store. I tried but still my code uses the private key without prompting for a password.
byte[] fileData = File.ReadAllBytes(path);
ContentInfo contentInfo = new ContentInfo(fileData);
SignedCms signedCms =
new SignedCms(SubjectIdentifierType.SubjectKeyIdentifier, contentInfo, true);
CmsSigner signer =
new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, MyLoadedCert);
signer.IncludeOption = X509IncludeOption.WholeChain;
signedCms.ComputeSignature(signer); // Works fine without prompting password
byte[] encoded = signedCms.Encode();
File.WriteAllBytes(signatureFilePath, encoded);
When I ran you code with strong key protection enabled I've got an exception Provider could not perform the action since the context was acquired as silent.. This was because I did not specify the silent parameter in ComputeSignature method and by default it is set to true (so it seems).
When you change this line of code
signedCms.ComputeSignature(signer);
to
signedCms.ComputeSignature(signer, false);
then it will prompt for user interaction when necessary i.e. when you have specified strong key protection in Certificate Import Wizard. The documentation can be found here.
The default action/level of strong private key protection is medium meaning that user will have to approve (click OK) the use of private key. You can change it to High protection and set set the password if you want (see screens below).
- Is this declaration UB?
- return type defaults to 'int' [-Wimplicit-int]
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?
- Why in C when I print a double with a one decimal it round it to the next number
- Android C to Java SWIG unable to compile: incompatible types: byte cannot be converted to SWIGTYPE_p_uint8_t
- GNU Make in Ubuntu giving fatal error: rpc/types.h: No such file or directory
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How change every struct in an array of pointers?
- Optimized 2x2 matrix multiplication: Slow assembly versus fast SIMD
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- Fast ceiling of an integer division in C / C++