I am able to identify client certificates in a .NET thick-client app, and the user is able to select one.
X509Store store = new X509Store("My", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
// Only certificates carrying the Client Authentication EKU (1.3.6.1.5.5.7.3.2), valid ones only
var fcollection = store.Certificates.Find(X509FindType.FindByApplicationPolicy, "1.3.6.1.5.5.7.3.2", true);
// other stuff: the user selects one of them
Now, how do I ask the user to answer a challenge (e.g. the PIN, in this case)?
I see there's a SignedXml.ComputeSignature() class, which takes a byte stream, and I'm not sure where that comes from (perhaps from certificate.RawData[]?).
I'm not interested in getting the actual PIN, only that the card/PIN match.
Edit:
I tried using the private key of the smart card (and encrypted with it), but I don't get asked for the PIN.
RSACryptoServiceProvider rsacsp = (RSACryptoServiceProvider)certificate.PrivateKey;
UnicodeEncoding byteConverter = new UnicodeEncoding();
byte[] dataToEncrypt = byteConverter.GetBytes("Data to Encrypt");
// ExportParameters(false) exports only the public half of the key, so RSAEncrypt (the caller's
// own helper, not shown here) encrypts with the public key and never touches the card's private key.
var encryptedData = RSAEncrypt(dataToEncrypt, rsacsp.ExportParameters(false), false);
If it's a smartcard, the PIN prompt will happen when you try to use the private key of the certificate.
You need to use the certificate somehow, and validate the result. For example, you might use the certificate to sign something. Once the signature operation happens, the PIN prompt will appear.
If you don't need to "use" the certificate, and only want to validate that it's there and that the user knows the PIN, you need some sort of proof of work. The certificate is used to sign a challenge, and a remote server validates that the signature uses a key that belongs to a trusted root. Keep in mind this is difficult to get right, such as making sure you aren't open to a replay attack, etc.
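The challenge-response flow described in this answer, as an added example (not code from the question or the answer): the verifier issues a fresh random nonce, the client signs it with the selected certificate's private key (this is the operation that makes the card prompt for the PIN), and the verifier checks the signature with the public key, consumes the nonce so it cannot be replayed, and checks that the certificate chains to a trusted root. The `CardChallenge` class and its method names are assumptions for this illustration; it targets .NET (Core/5+) APIs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for the challenge-response described above (added example).
public static class CardChallenge
{
    // Server side: nonces handed out and not yet consumed. A nonce is accepted once,
    // which is what closes the replay hole the answer warns about.
    private static readonly HashSet<string> OutstandingNonces = new HashSet<string>();

    public static byte[] NewNonce()
    {
        var nonce = new byte[32];
        RandomNumberGenerator.Fill(nonce);           // unpredictable, never reused
        OutstandingNonces.Add(Convert.ToBase64String(nonce));
        return nonce;
    }

    // Client side: sign the nonce with the card's private key. The CSP/KSP behind
    // GetRSAPrivateKey() is what shows the PIN dialog; encrypting with the public
    // key (as in the question's edit) never reaches the card.
    public static byte[] SignNonce(X509Certificate2 cert, byte[] nonce)
    {
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("certificate has no RSA private key");
        return rsa.SignData(nonce, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Server side: nonce must be one we issued (and unused), signature must verify
    // with the public key, and the certificate must chain to a trusted root with
    // the Client Authentication EKU and pass revocation checking.
    public static bool VerifyResponse(X509Certificate2 cert, byte[] nonce, byte[] signature)
    {
        if (!OutstandingNonces.Remove(Convert.ToBase64String(nonce)))
            return false;                            // unknown or replayed nonce
        using RSA rsa = cert.GetRSAPublicKey();
        if (rsa == null ||
            !rsa.VerifyData(nonce, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            return false;
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.2")); // clientAuth
        return chain.Build(cert);
    }
}
```

The nonce should also be bound to the session it was issued for (and expire), so a signature obtained in one context cannot be presented in another.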