如何從安全令牌獲取信息與C＃

Question

我需要使我的應用程序的用戶可以用他們的個人USB安全令牌來簽署他們的批准。

我已經設法簽署數據，但我還沒有能夠獲得已使用過的誰的令牌信息。

這裏是我到目前爲止的代碼：

CspParameters csp = new CspParameters(1, "SafeNet RSA CSP"); 
csp.Flags = CspProviderFlags.UseDefaultKeyContainer;    
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp); 
// Create some data to sign. 
byte[] data = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }; 
Console.WriteLine("Data   : " + BitConverter.ToString(data)); 
// Sign the data using the Smart Card CryptoGraphic Provider.    
byte[] sig = rsa.SignData(data, "SHA1");    
Console.WriteLine("Signature : " + BitConverter.ToString(sig)); 

有一個名爲「令牌名稱」令牌信息的字段。我如何訪問該字段以驗證該令牌是否已用於簽署批准？

aditional的信息和更新：

• 「令牌名」總是符合主人的姓名（誰擁有USB 令牌用戶）
• 現在看來似乎不能做，也許有一個網絡服務或 我需要調用才能從cert authority直接獲取 的信息。

Answer 1

當我問這個問題時，我對數字證書的理解是非常基本的，所以這個問題沒有得到妥善的解答。現在我明白我需要從智能卡設備訪問證書，查詢其屬性並測試用戶是否可以輸入適當的PIN碼。

這裏是我用來做這樣的代碼：

//Prompt the user with the list of certificates on the local store. 
//The user have to select the certificate he wants to use for signing. 
//Note: All certificates form the USB device are automatically copied to the local store as soon the device is plugged in. 
X509Store store = new X509Store(StoreLocation.CurrentUser); 
store.Open(OpenFlags.ReadOnly); 
X509CertificateCollection certificates = X509Certificate2UI.SelectFromCollection(store.Certificates, 
                       "Certificados conocidos", 
                       "Por favor seleccione el certificado con el cual desea firmar", 
                       X509SelectionFlag.SingleSelection 
                       ); 
store.Close(); 
X509Certificate2 certificate = null; 
if (certificates.Count != 0) 
{ 
    //The selected certificate 
    certificate = (X509Certificate2)certificates[0]; 
} 
else 
{ 
    //The user didn't select a certificate 
    return "El usuario canceló la selección de un certificado"; 
} 
//Check certificate's atributes to identify the type of certificate (censored) 
if (certificate.Issuer != "CN=............................., OU=................., O=..., C=US") 
{ 
    //The selected certificate is not of the needed type 
    return "El certificado seleccionado no corresponde a un token ..."; 
} 
//Check if the certificate is issued to the current user 
if (!certificate.Subject.ToUpper().Contains(("E=" + pUserADLogin + "@censoreddomain.com").ToUpper())) 
{ 
    return "El certificado seleccionado no corresponde al usuario actual"; 
} 
//Check if the token is currently plugged in 
XmlDocument xmlDoc = new XmlDocument(); 
XmlElement element = xmlDoc.CreateElement("Content", SignedXml.XmlDsigNamespaceUrl.ToString()); 
element.InnerText = "comodin"; 
xmlDoc.AppendChild(element); 
SignedXml signedXml = new SignedXml(); 
try 
{ 
    signedXml.SigningKey = certificate.PrivateKey; 
} 
catch 
{ 
    //USB Token is not plugged in 
    return "El token no se encuentra conectado al equipo"; 
} 
DataObject dataObject = new DataObject(); 
dataObject.Data = xmlDoc.ChildNodes; 
dataObject.Id = "CONTENT"; 
signedXml.AddObject(dataObject); 
Reference reference = new Reference(); 
reference.Uri = "#CONTENT"; 
signedXml.AddReference(reference); 
//Attempt to sign the data. The user will be prompted to enter his PIN 
try 
{ 
    signedXml.ComputeSignature(); 
} 
catch 
{ 
    //User didn't enter the correct PIN 
    return "Hubo un error confirmando la identidad del usuario"; 
} 
//The user has signed with the correct token 
return String.Format("El usuario {0} ha firmado exitosamente usando el token con serial {1}", pUserADLogin, certificate.SerialNumber); 

來源：

http://stormimon.developpez.com/dotnet/signature-electronique/（EN法語） https://www.simple-talk.com/content/print.aspx?article=1713（英文）