Chilkat Forum

Technologies => Digital Signatures => Topic started by: stefano simonato on February 23, 2018, 03:39:52 PM

Title: Signing XML with smartcard(private key not exportable)
Post by: stefano simonato on February 23, 2018, 03:39:52 PM
Hi,

I am trying to sign xml with a smartcard and getting the error bellow:

 
Quote
ChilkatLog: SetX509Cert:
     DllDate: Nov 10 2017
     ChilkatVersion: 9.5.0.70
     UnlockPrefix: CISSSA.CB1112018
     Architecture: Little Endian; 32-bit
     Language: ActiveX
     VerboseLogging: 0
     usePrivateKey: 1
     exportPrivateKey:
       Failed to export private key.
       The private key is not exportable from the Windows protected
 store.
     --exportPriv>ateKey
     Certificate does not have a private key.   --SetX5>09Cert
 --ChilkatLog

I am using the a CertStore to get a object Cert(it has the private key) but when i call SetX509Cert using this object Cert, the error ocurs.

How can I sign my xml?
Title: Re: Signing XML with smartcard(private key not exportable)
Post by: Chilkat on April 03, 2018, 09:00:27 PM
(This problem was solved via private email.  The next version of Chilkat to be released will include the fix.)
Title: Re: Signing XML with smartcard(private key not exportable)
Post by: stary on June 02, 2018, 08:39:02 AM
I was excited reading the new version (9.5.0.73) Release Notes:
Quote
XmlDSigGen Now capable of using non-exportable private keys on Windows, such as for A3 certificates where the private key is on a hardware token.

I am using Gemalto K30 USB hardware token, where some certificates are stored.   
I've just tried new version ActiveX, but there is still the same problem as it was in previous version.

I can  read public key with Cert.ExportPublicKey() method,  but not the private key with Cert.ExportPrivateKey() method.

This is what I get from Cert.LastErrorText property:

Code: [Select]
ChilkatLog:
  ExportPrivateKey:
    DllDate: May 22 2018
    ChilkatVersion: 9.5.0.73
    UnlockPrefix: NONE
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    exportPrivateKey:
      Failed to export private key.
      The private key is not exportable from the Windows protected store.
    --exportPrivateKey
    Failed.
  --ExportPrivateKey
--ChilkatLog


Is there a possible solution for this?


 

 
Title: Re: Signing XML with smartcard(private key not exportable)
Post by: Chilkat on June 04, 2018, 04:59:30 PM
Use the XmlDSigGen.SetX509Cert to indirectly set the private key without needing to explicitly export it.