Author Topic: Signing XML with smartcard(private key not exportable)  (Read 294 times)

stefano simonato

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Signing XML with smartcard(private key not exportable)
« on: February 23, 2018, 03:39:52 PM »
Hi,

I am trying to sign xml with a smartcard and getting the error bellow:

 
Quote
ChilkatLog: SetX509Cert:
     DllDate: Nov 10 2017
     ChilkatVersion: 9.5.0.70
     UnlockPrefix: CISSSA.CB1112018
     Architecture: Little Endian; 32-bit
     Language: ActiveX
     VerboseLogging: 0
     usePrivateKey: 1
     exportPrivateKey:
       Failed to export private key.
       The private key is not exportable from the Windows protected
 store.
     --exportPriv>ateKey
     Certificate does not have a private key.   --SetX5>09Cert
 --ChilkatLog

I am using the a CertStore to get a object Cert(it has the private key) but when i call SetX509Cert using this object Cert, the error ocurs.

How can I sign my xml?

Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 101
  • Karma: +6/-0
    • View Profile
Re: Signing XML with smartcard(private key not exportable)
« Reply #1 on: April 03, 2018, 09:00:27 PM »
(This problem was solved via private email.  The next version of Chilkat to be released will include the fix.)

stary

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Signing XML with smartcard(private key not exportable)
« Reply #2 on: June 02, 2018, 08:39:02 AM »
I was excited reading the new version (9.5.0.73) Release Notes:
Quote
XmlDSigGen Now capable of using non-exportable private keys on Windows, such as for A3 certificates where the private key is on a hardware token.

I am using Gemalto K30 USB hardware token, where some certificates are stored.   
I've just tried new version ActiveX, but there is still the same problem as it was in previous version.

I can  read public key with Cert.ExportPublicKey() method,  but not the private key with Cert.ExportPrivateKey() method.

This is what I get from Cert.LastErrorText property:

Code: [Select]
ChilkatLog:
  ExportPrivateKey:
    DllDate: May 22 2018
    ChilkatVersion: 9.5.0.73
    UnlockPrefix: NONE
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    exportPrivateKey:
      Failed to export private key.
      The private key is not exportable from the Windows protected store.
    --exportPrivateKey
    Failed.
  --ExportPrivateKey
--ChilkatLog


Is there a possible solution for this?


 

 

Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 101
  • Karma: +6/-0
    • View Profile
Re: Signing XML with smartcard(private key not exportable)
« Reply #3 on: June 04, 2018, 04:59:30 PM »
Use the XmlDSigGen.SetX509Cert to indirectly set the private key without needing to explicitly export it.