CryptoPro / corefx

This repo contains the .NET Core foundational libraries, called CoreFX. It includes classes for collections, file systems, console, XML, async and many others. We welcome contributions.
https://github.com/dotnet/core
MIT License

No private key set when using CmsSigner(X509Certificate2 certificate) constructor #38

Closed memores closed 2 years ago

memores commented 3 years ago

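My code:

using System.Security.Cryptography.Pkcs;

// bytes is the content to sign; _certificateProvider.Certificate is the signer's X509Certificate2
var contentInfo = new ContentInfo(bytes);
var signedCms = new SignedCms(contentInfo, true); // true = detached signature
var cmsSigner = new CmsSigner(_certificateProvider.Certificate);

signedCms.ComputeSignature(cmsSigner); // exception is thrown here
var encodedSignature = signedCms.Encode();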

Stack trace:

at Internal.Cryptography.Pal.Windows.HelpersWindows.GetStringProvParam(SafeProvOrNCryptKeyHandle handle, CryptProvParam dwParam, Span`1& buf, Byte[]& rented, Int32 clearLen) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/HelpersWindows.cs:line 461
   at Internal.Cryptography.Pal.Windows.HelpersWindows.GetProvParameters(SafeProvOrNCryptKeyHandle handle) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/HelpersWindows.cs:line 418
   at Internal.Cryptography.Pal.Windows.PkcsPalWindows.GetPrivateKey[T](X509Certificate2 certificate, Boolean silent, Boolean preferNCrypt) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.cs:line 249
   at Internal.Cryptography.Pal.Windows.PkcsPalWindows.GetPrivateKeyForSigning[T](X509Certificate2 certificate, Boolean silent) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.cs:line 181
   at System.Security.Cryptography.Pkcs.CmsSignature.Gost2012_256CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, Oid& signatureAlgorithm, Byte[]& signatureValue) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.Gost2012_256.cs:line 71
   at System.Security.Cryptography.Pkcs.CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, Oid& oid, ReadOnlyMemory`1& signatureValue) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.cs:line 104
   at System.Security.Cryptography.Pkcs.CmsSigner.Sign(ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs:line 251
   at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 323
   at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 274
   at CCH.EsiaSigner.Controllers.GostController.Sign(String message) in /source/esia/Controllers/GostController.cs:line 33

OS: ubuntu:latest
Microsoft.Private.CoreFx.NETCoreApp Version: 4.7.0-dev.20465.1
CryptoPro version: 5.0

P.S. If you try to use the CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2 certificate, AsymmetricAlgorithm privateKey) constructor and set privateKey directly, then all will be OK.

tolyanich commented 3 years ago

How do you get your certificate object in the first case? It will only work if your certificate has an internal link to the private key from the store. Is the HasPrivateKey property true in your case?
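
The check raised in the reply above, written out as an added example (not code from the thread or from the CryptoPro/corefx project): it tests HasPrivateKey before calling the single-argument CmsSigner constructor and, when the object carries no key link, looks the same certificate up by thumbprint in a store. The helper names and the choice of the CurrentUser\My store are assumptions.

```csharp
using System;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class CmsSigning
{
    // Hypothetical helper: returns a certificate instance that carries a private-key link.
    // If the supplied object has none (for example, it was built from a .cer file or raw
    // bytes), the same certificate is looked up by thumbprint in the CurrentUser\My store
    // (assumed location of the key-linked copy).
    public static X509Certificate2 ResolveSigningCertificate(X509Certificate2 candidate)
    {
        if (candidate.HasPrivateKey)
            return candidate;

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so the lookup does not depend on chain validation.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, candidate.Thumbprint, false);

            foreach (X509Certificate2 cert in matches)
            {
                if (cert.HasPrivateKey)
                    return cert;
            }
        }

        // Fail before ComputeSignature with a message that names the actual problem.
        throw new InvalidOperationException(
            "Certificate " + candidate.Thumbprint + " has no associated private key; " +
            "CmsSigner(X509Certificate2) cannot sign with it.");
    }

    // Detached CMS signature over 'content' using the single-argument CmsSigner constructor.
    public static byte[] SignDetached(byte[] content, X509Certificate2 candidate)
    {
        X509Certificate2 signingCert = ResolveSigningCertificate(candidate);

        var signedCms = new SignedCms(new ContentInfo(content), true);
        signedCms.ComputeSignature(new CmsSigner(signingCert));
        return signedCms.Encode();
    }
}
```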