When running SignedXmlTest on a real HSM device, a NotSupportedException is thrown in the Pkcs11RsaProvider.DecryptValue method:
using (Pkcs11X509Store certStore = new Pkcs11X509Store(Hsm2Manager.LibraryPath, Hsm2Manager.PinProvider))
{
    // Locate the signing certificate by token label and certificate label.
    Pkcs11X509Certificate signingCert = Helper.GetCertificate(certStore, Hsm2Manager.Token1Label, Hsm2Manager.Token1CertLabel);

    // RSA object for the certificate's private key, obtained through the PKCS#11 store.
    RSA hsmPrivateKey = signingCert.GetRSAPrivateKey();

    // Software public key read from the parsed certificate.
    // It is not passed to the signing call below.
    RSA softwarePublicKey = signingCert.Info.ParsedCertificate.PublicKey.Key as RSA;

    // Sign input.xml with the PKCS#11 based key and write the result to signed.xml.
    SignXmlFile("input.xml", "signed.xml", hsmPrivateKey);
}
and
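/// <summary>
/// Signs an XML file with an enveloped XML signature and writes the signed document to a new file.
/// </summary>
/// <param name="FileName">Path of the XML document to sign.</param>
/// <param name="SignedFileName">Path the signed document is written to, encoded as UTF-8 without a byte order mark.</param>
/// <param name="Key">RSA key used to compute the signature; it is also wrapped in the RSAKeyValue clause of the KeyInfo element.</param>
/// <remarks>
/// The RSAKeyValue clause is only a hint for the recipient. A verifier that trusts whatever key
/// the document itself carries accepts a signature from any signer, so validation should check
/// the signature against a key or certificate that is trusted independently of the document.
/// </remarks>
public static void SignXmlFile(string FileName, string SignedFileName, RSA Key)
{
    XmlDocument doc = new XmlDocument();

    // Dispose the reader once the document is loaded so the input file handle is released
    // deterministically instead of staying open until finalization.
    // NOTE(review): if FileName can name a document from an untrusted source, also set
    // reader.DtdProcessing = DtdProcessing.Prohibit and reader.XmlResolver = null before loading.
    using (XmlTextReader reader = new XmlTextReader(FileName))
    {
        doc.Load(reader);
    }

    SignedXml signedXml = new SignedXml(doc);
    signedXml.SigningKey = Key;

    // An empty URI makes the reference cover the whole document; the enveloped-signature
    // transform excludes the Signature element itself from the digest.
    Reference reference = new Reference();
    reference.Uri = "";
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    // Optional RSAKeyValue KeyInfo that helps the recipient find the key to validate with.
    KeyInfo keyInfo = new KeyInfo();
    keyInfo.AddClause(new RSAKeyValue(Key));
    signedXml.KeyInfo = keyInfo;

    // NOTE(review): the report around this code says NotSupportedException is thrown from
    // Pkcs11RsaProvider.DecryptValue when signing with a key on a real HSM; presumably the
    // signature formatter used here falls back to RSA.DecryptValue. Confirm against the runtime in use.
    signedXml.ComputeSignature();

    // Append the Signature element to the document root.
    XmlElement xmlDigitalSignature = signedXml.GetXml();
    doc.DocumentElement.AppendChild(doc.ImportNode(xmlDigitalSignature, true));

    // Drop a leading XML declaration so it is not written to the output.
    if (doc.FirstChild is XmlDeclaration)
    {
        doc.RemoveChild(doc.FirstChild);
    }

    // The using block closes the writer even when WriteTo throws, so the output handle is not leaked.
    using (XmlTextWriter writer = new XmlTextWriter(SignedFileName, new UTF8Encoding(false)))
    {
        doc.WriteTo(writer);
    }
}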
When running SignedXmlTest on a real HSM device, a NotSupportedException is thrown in the Pkcs11RsaProvider.DecryptValue method
and