Closed anshulv1401 closed 2 years ago
Hello @anshulv1401, thanks for the PR.
Please help me to understand the motivation for these changes. This is how I understand the code:
You wanted to use a CA cert/key stored on a PKCS#11 device to issue/generate an X.509 certificate via the System.Security.Cryptography.X509Certificates.CertificateRequest::Create method, but the implementation of Net.Pkcs11Interop.X509Store.Pkcs11RsaProvider::HashData was missing.
Is my understanding correct?
Hi @jariq, thanks for responding. Your understanding is correct. I was exploring a way to issue/generate an X.509 certificate via a cert/key stored in a soft-HSM (PKCS#11), and encountered the "HashData method not implemented" exception. We are using this in an under-development project to issue certificates to biometric devices, which sign the encrypted bio value using the issued certificate. The signature chain is validated at a central server.
Functionally equivalent code has just been merged in #31 to both Pkcs11RsaProvider and Pkcs11ECDsaProvider, so I'm closing this PR without merge.
Creating a dotnet-signed certificate System.Security.Cryptography.X509Certificates.X509Certificate2 using dotnet System.Security.Cryptography.X509Certificates.CertificateRequest
Created an X509SignatureGenerator using the RSA private key retrieved from the Pkcs11X509Certificate, which is then passed to CertificateRequest to get an X509Certificate2.
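The flow the PR describes, as an added example that is not code from the PR or from the Pkcs11Interop.X509Store project: the CA certificate and its RSA private key stay on the PKCS#11 token, an `X509SignatureGenerator` wraps the token-backed `RSA` object, and `CertificateRequest.Create` calls into that generator to sign the leaf certificate, which is the path that reaches `Pkcs11RsaProvider.HashData`. The `Pkcs11X509Store` / `Pkcs11X509Certificate` members used (`Slots`, `Token.Certificates`, `Info.ParsedCertificate`, `HasPrivateKeyObject`, `GetRSAPrivateKey()`), the library path, the PIN provider and the CA subject name are assumptions supplied by the caller; the chain check at the end assumes the CA certificate is self-signed.

```csharp
// Added example, not project code. Assumes Pkcs11Interop.X509Store's store/certificate
// API as used below, a caller-supplied PKCS#11 module path and PIN provider, and an
// RSA CA certificate (with private key object) present on the token.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Net.Pkcs11Interop.X509Store;

public static class HsmCaIssuer
{
    // Issues a signed end-entity certificate for subjectPublicKey using the CA key on the token.
    public static X509Certificate2 Issue(
        string pkcs11LibraryPath,       // e.g. path to libsofthsm2.so (assumption: caller-supplied)
        IPinProvider pinProvider,       // supplies the token PIN (assumption: caller-supplied)
        string caCertSubject,           // subject DN of the CA certificate stored on the token
        X500DistinguishedName subject,  // subject DN for the device certificate
        RSA subjectPublicKey,           // the device's public key (private half stays on the device)
        TimeSpan validity)
    {
        using var store = new Pkcs11X509Store(pkcs11LibraryPath, pinProvider);

        // Locate the CA certificate that also has a usable private key object on the token.
        Pkcs11X509Certificate caCert = store.Slots
            .Where(slot => slot.Token != null)
            .SelectMany(slot => slot.Token.Certificates)
            .FirstOrDefault(c => c.Info.ParsedCertificate.Subject == caCertSubject && c.HasPrivateKeyObject)
            ?? throw new CryptographicException("CA certificate with private key not found on token");

        X509Certificate2 caX509 = caCert.Info.ParsedCertificate;

        // Token-backed RSA: SignData/SignHash are executed inside the HSM, the key never leaves it.
        using RSA caKey = caCert.GetRSAPrivateKey()
            ?? throw new CryptographicException("CA key on token is not RSA");

        // PKCS#1 v1.5 padding is the most widely supported mechanism on tokens (CKM_SHA256_RSA_PKCS);
        // PSS needs CKM_RSA_PKCS_PSS support in the module.
        X509SignatureGenerator generator =
            X509SignatureGenerator.CreateForRSA(caKey, RSASignaturePadding.Pkcs1);

        var request = new CertificateRequest(subject, subjectPublicKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Leaf certificate only: not a CA, signing-only key usage, SKI for chain building.
        request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

        // RFC 5280: serial numbers must be positive and unique per issuer; use 128 random bits.
        byte[] serial = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(serial);
        }
        serial[0] &= 0x7F; // keep the big-endian integer positive

        DateTimeOffset notBefore = DateTimeOffset.UtcNow.AddMinutes(-5); // tolerate clock skew
        DateTimeOffset notAfter = notBefore + validity;

        // Create() feeds the TBS bytes to generator.SignData, i.e. into the PKCS#11 provider.
        X509Certificate2 issued = request.Create(caX509.SubjectName, generator, notBefore, notAfter, serial);

        // Sanity check before handing the cert out: it must chain to the CA certificate
        // (assumes the CA cert is self-signed so it can act as the custom trust anchor).
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caX509);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (!chain.Build(issued))
        {
            string reasons = string.Join("; ", chain.ChainStatus.Select(s => s.StatusInformation));
            throw new CryptographicException("issued certificate does not chain to the HSM CA: " + reasons);
        }

        return issued;
    }
}
```

The returned `X509Certificate2` carries no private key (the device keeps its own), so it can be shipped to the device as DER or PEM. If `Create` throws `NotImplementedException` from `HashData`, the installed Pkcs11Interop.X509Store version predates the fix referenced in this thread.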