How to decrypt doc. with x509Certificate2, preset password / suppress passw. dialog?

  • Question

  • Hi,

     

    I want to decrypt a document with the matching private key under Windows (XP or Win7 64Bit) high security conditions. But every time the CSP asks for the password to grant access.

     

    I need to suppress the password dialog and insert the password programmatically.

     

    Spoiler:

    I have installed the X509 software certificate in certificate store under high security conditions. I fetched it as X509Certificates2 from store, encryption works, decryption works but password dialog appears. How can I set the password beforehand, so that it is already known by CSP and the access to private key operations will be granted, without password dialog?

     

    Full story.

     

    I tried following steps:

    1. Encryption with x509 software certificate (public key)

        The x509 certificate (cert) has been imported from the certificate store

        Public Function EncryptWithCertPubKey(cert As System.Security.Cryptography.X509Certificates.X509Certificate2, data As Byte()) As Byte()
            Dim rsa As System.Security.Cryptography.RSACryptoServiceProvider =
                TryCast(cert.PublicKey.Key, System.Security.Cryptography.RSACryptoServiceProvider)
            Return rsa.Encrypt(data, True)
        End Function

     

     

    2. Decryption with x509 software certificate (private key)

        The password (certPass) was set when installing the certificate into the certificate store under high security conditions.

        The export to raw data seemed to be a way to do this and simultaneously put in the password for suppressing the dialog.

        Public Function DecryptWithCertKey(cert As System.Security.Cryptography.X509Certificates.X509Certificate2, certPass As String, data As Byte()) As Byte()
            Dim rawdata As Byte() cert.Export(Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, certPass)
            Dim cert2 As New System.Security.Cryptography.X509Certificates.X509Certificate2(rawdata, certPass)
            Dim rsa2 As System.Security.Cryptography.RSACryptoServiceProvider =
                TryCast(cert2.PrivateKey, System.Security.Cryptography.RSACryptoServiceProvider)
            Return rsa2.Decrypt(data, True)
        End Function

     

     

     

    But again the password dialog appears while accessing the private key, even though the pass is given already.

    cert.Export(Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, certPass)

     

     

    I found out that there is a function in CSP-Parameters to preset the password, so it should be already known for the CSP, and no dialog might appear if it works.

    I.e.:

        Dim certPass As New System.Security.SecureString
        Dim cspp As New System.Security.Cryptography.CspParameters(1, _
            "Microsoft Strong Cryptographic Provider")
        cspp.KeyPassword = certPass

     

     

    But I don't know how to handle it, because I haven't found a way to insert CSP-Parameters to X509Certificates2, neither to RSACryptoprovider (while using X509Certificates2).

     

    Any help is appreciated. :-)


    Monday, March 25, 2013 12:42 PM

Answers

All replies

  • Hi Simplyaskin,

    This is by design. You cannot change it.

    Have a nice day.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Tuesday, March 26, 2013 7:55 AM
  • Hi CrazyGhost_Von,

    Sorry to question this. You're sure about this?

    I'm asking because there exists the following property and, if I understand this right, it is meant to do the job:

    CspParameters.KeyPassword Property

    MSDN: Use the KeyPassword property to supply a password for a smart card key. When you specify a password using this property, a password dialog will not be presented to the user.

    But how could I use an X509Certificate2 with CspParameters?

    I don't know how to connect them.

    Any idea?

    Kind regards,

    simplyaskin








    Tuesday, March 26, 2013 8:41 AM
  • Hi ,

    As you can see, by design, after you set the smart card key, the dialog will not be presented to the user. Now it shows again, which means your password is not correct or something else, so it needs the password again.

    Have a nice day.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Tuesday, March 26, 2013 9:35 AM
  • Hi CrazyGhost_Von,

    the password is correct. That's not the reason.

    Does anybody know how to use an X509Certificate2 in conjunction with CspParameters?

    Kind regards,

    simplyaskin

    Wednesday, March 27, 2013 8:48 AM
  • Hi simplyaskin,

    You didn't assign the rawData a value.

        Public Function DecryptWithCertKey(cert As X509Certificate2, certPass As String, data As Byte()) As Byte()
            Dim rawdata As Byte()
            cert.Export(X509ContentType.Pkcs12, certPass)
            Dim cert2 As New System.Security.Cryptography.X509Certificates.
            X509Certificate2(rawdata, certPass)
            Dim rsa2 As System.Security.Cryptography.RSACryptoServiceProvider =
            TryCast(cert2.PrivateKey, RSACryptoServiceProvider)
            Return rsa2.Decrypt(Data, True)
        End Function

    Have a nice day.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Wednesday, March 27, 2013 1:14 PM
  • Hi CrazyGhost_Von,

    Yes, there is a '='-sign missing from the multiple re-formatting of this text.

    The real code looks like this:

    Dim rawdata As Byte() = cert.Export(X509ContentType.Pkcs12, certPass)

    But the main question is:

    How could one use an X509Certificate2 with CspParameters?

    Thursday, March 28, 2013 8:57 AM
  • Hi Simplyaskin,

    How about this way:

    1. Instantiate an RSACryptoServiceProvider instance with CspParameter, and export the cspBlob: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.exportcspblob.aspx 

    2. Instantiate an RSACryptoServiceProvider instance with Certificate, and import the cspBlob: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.importcspblob.aspx 

    Have a nice day.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Tuesday, April 2, 2013 2:36 PM
  • Hi Ghost,

    I tried the blob thing, and got a "wrong type" as answer, while using ImportCspBlob. This is curious, because the export function should export the right type for later import.

    However. Now I'm following another path. I'm exporting the private key and putting it into a symmetrically encrypted XML file. I use this file for automated decryption, without any dialog and sh**.

    It's not the best solution, but the only one that works, actually.

    thx.

    Thursday, April 11, 2013 8:19 AM
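
Added example, not code from any poster in this thread: one way to connect an X509Certificate2 to CspParameters, the question the thread keeps returning to. It copies the provider and key container details from the certificate's key and reopens the same container with KeyPassword set. OpenPrivateKeyWithPassword and DecryptWithPresetPassword are hypothetical names, and since the MSDN text quoted above documents KeyPassword for smart card keys, a provider is not guaranteed to honor it for a software key stored under strong protection.

```vbnet
Imports System.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Public Module CertCspExample

    ' Hypothetical helper: reopen the certificate's existing key container
    ' through CspParameters so that KeyPassword can be supplied up front.
    Public Function OpenPrivateKeyWithPassword(cert As X509Certificate2,
                                               keyPassword As SecureString) As RSACryptoServiceProvider
        If Not cert.HasPrivateKey Then
            Throw New CryptographicException("Certificate has no associated private key.")
        End If

        ' The certificate's key object is used only to read where the key lives.
        Dim storeKey As RSACryptoServiceProvider =
            TryCast(cert.PrivateKey, RSACryptoServiceProvider)
        If storeKey Is Nothing Then
            Throw New NotSupportedException("Private key is not held by a CAPI RSA provider.")
        End If
        Dim info As CspKeyContainerInfo = storeKey.CspKeyContainerInfo

        ' Same provider, same container, same key slot as the certificate's key.
        Dim cspp As New CspParameters(info.ProviderType, info.ProviderName, info.KeyContainerName)
        cspp.KeyNumber = CInt(info.KeyNumber)
        ' UseExistingKey: fail instead of silently generating a new key pair.
        cspp.Flags = CspProviderFlags.UseExistingKey
        If info.MachineKeyStore Then
            cspp.Flags = cspp.Flags Or CspProviderFlags.UseMachineKeyStore
        End If
        cspp.KeyPassword = keyPassword

        Return New RSACryptoServiceProvider(cspp)
    End Function

    ' Hypothetical helper: OAEP decryption, matching rsa.Encrypt(data, True) above.
    Public Function DecryptWithPresetPassword(cert As X509Certificate2,
                                              keyPassword As SecureString,
                                              data As Byte()) As Byte()
        Using rsa As RSACryptoServiceProvider = OpenPrivateKeyWithPassword(cert, keyPassword)
            Return rsa.Decrypt(data, True)
        End Using
    End Function

End Module
```

Passing the password as a SecureString and leaving the key inside its container avoids the PKCS#12 export round trip in the question, which writes the private key into managed memory.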