Getting Certificate KeyContainerName to initialize CspParameters

  • Question

  • How can I get the name of a Key Container that's in a smart card required for initialization of CspParameters?

    CspParameters^ cspa = gcnew CspParameters(ProviderType, ProviderName, keyContainerName, cryptoSecurityKey, securityString);

    RSACryptoServiceProvider^ csp = gcnew RSACryptoServiceProvider(cspa);

    Since certificates from smart cards are automatically installed in a personal certificate store, I have tried looking for keyContainerName in X509Certificate2 and I couldn't find it there.

    I have managed to find a container name of one of the keys outside of C++ using certutil.exe, and that way, I just entered that name and I managed to generate a digital signature using the aforementioned RSACryptoServiceProvider. It worked beautifully. But I need a way to find a container name of a given certificate within the program.

    From what I understand, if I don't provide the container name (leave it empty), it doesn't work, because the CSP doesn't know which certificate you want to use. So I need a way to find/get a key container name for any certificate of my choice in any smart card within the program code. 

    Unfortunately, most examples I've seen on the internet provide a constant predefined container name (like "example" or "test" - like here https://secpal.codeplex.com/discussions/13106 ), which is useless in real life.

    • Edited by Andrius Dee Tuesday, February 24, 2015 6:05 PM
    • Moved by Shu 2017 Monday, March 9, 2015 6:09 AM
    Tuesday, February 24, 2015 12:27 PM

Answers

  • Hi Andrius,

    I find the container name should be stored in some directories. Please check this document.

    Key Storage and Retrieval

    From your description, it seems that you need to enumerate all the saved RSA keys in the Microsoft CSP. Please refer to the discussion in the thread below. You should be able to find something helpful for this issue.

    http://security.stackexchange.com/questions/1771/how-can-i-enumerate-all-the-saved-rsa-keys-in-the-microsoft-csp

    Additionally, this issue should be posted to the Windows desktop development forum.

    Best regards,

    Shu Hu



    • Marked as answer by Andrius Dee Thursday, May 7, 2015 11:27 AM
    Wednesday, February 25, 2015 6:45 AM
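
    Added example (not part of the original posts, and not the method the answer links to): one way to obtain the container name from inside the program is to read it from the certificate's PrivateKey rather than from PublicKey->Key, then copy the provider and container details into CspParameters. The helper name CspParametersFromCertificate and the thumbprint taken from the command line are assumptions made for illustration; the code assumes a CSP-based RSA key, compilation with /clr, and a card that is present in the reader.

```cppcli
#using <System.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;

// Hypothetical helper: build CspParameters for the private key that the
// certificate store associates with `cert`.
CspParameters^ CspParametersFromCertificate(X509Certificate2^ cert)
{
    if (cert == nullptr)
        throw gcnew ArgumentNullException("cert");
    if (!cert->HasPrivateKey)
        throw gcnew CryptographicException("Store entry has no private key link.");

    // PrivateKey opens the provider and container recorded with the store
    // entry; PublicKey->Key only imports the public key into a default provider.
    RSACryptoServiceProvider^ rsa = dynamic_cast<RSACryptoServiceProvider^>(cert->PrivateKey);
    if (rsa == nullptr)
        throw gcnew NotSupportedException("Private key is not an RSA CSP key.");

    CspKeyContainerInfo^ info = rsa->CspKeyContainerInfo;
    CspParameters^ cspa = gcnew CspParameters(info->ProviderType, info->ProviderName, info->KeyContainerName);
    cspa->KeyNumber = static_cast<int>(info->KeyNumber);   // Exchange or Signature
    cspa->Flags = CspProviderFlags::UseExistingKey;        // fail rather than create a new key
    return cspa;
}

int main(array<String^>^ args)
{
    if (args->Length != 1) { Console::WriteLine("usage: <certificate thumbprint>"); return 2; }

    X509Store^ store = gcnew X509Store(StoreName::My, StoreLocation::CurrentUser);
    store->Open(OpenFlags::ReadOnly);
    try {
        X509Certificate2Collection^ found =
            store->Certificates->Find(X509FindType::FindByThumbprint, args[0], false);
        if (found->Count == 0) { Console::WriteLine("Certificate not found."); return 1; }

        CspParameters^ cspa = CspParametersFromCertificate(found[0]);
        Console::WriteLine("{0} (type {1}): {2}",
                           cspa->ProviderName, cspa->ProviderType, cspa->KeyContainerName);
        return 0;
    }
    finally { store->Close(); }
}
```

    The returned CspParameters can be passed to the RSACryptoServiceProvider constructor shown in the question; UseExistingKey keeps a mistyped or missing container from silently producing a fresh software key.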

All replies

  • When I get a certificate from a local certificate store which I know corresponds to a certificate on a smart card (because it was installed from there) and initialize either a RSACryptoServiceProvider or a RSAPKCS1SignatureDeformatter in this way:

    RSACryptoServiceProvider^ csp = safe_cast<RSACryptoServiceProvider^>(Certificate->PublicKey->Key);

    RSAPKCS1SignatureDeformatter^ RSADeformatter = gcnew RSAPKCS1SignatureDeformatter(Certificate->PublicKey->Key);

    //Certificate is of X509Certificate2^ type


    and then look at CspKeyContainerInfo in csp or RSADeformatter, I see a wrong Provider name ("Microsoft Enhanced RSA and AES Cryptographic Provider" instead of "CryptoTech CSP") and Type (24 instead of 1), and the KeyContainerName is empty (although I know the container name of that particular certificate). What am I doing wrong here initializing those classes? How do I initialize RSAPKCS1SignatureDeformatter or RSACryptoServiceProvider the right way so that I could see the right info in its CspKeyContainerInfo?

    By the way, there's nothing wrong with certificate and having initialized those classes that way I can even successfully verify a signature with them...

    Maybe it's due to some malfunction with my CSP drivers, since the privatekey is located in the smart card?

    • Merged by Shu 2017 Wednesday, February 25, 2015 10:25 AM duplicate
    Tuesday, February 24, 2015 6:41 PM