UnmanagedCode & SignedCms

  • Question

  • Hi!

    SignedCms.ComputeSignature() requires SecurityPermission: SecurityPermissionFlag.UnmanagedCode.

    SignedCms.CheckSignature(), EnvelopedCms.Encrypt and EnvelopedCms.Decrypt do not require SecurityPermissionFlag.UnmanagedCode.
    Is there any valid way to sign a CMS message without SecurityPermission: SecurityPermissionFlag.UnmanagedCode?

    using System;  
    using System.Collections.Generic;  
    using System.Linq;  
    using System.Text;  
    using System.Security.Cryptography.Pkcs;  
    using System.Security.Cryptography.X509Certificates;  
    using System.Security.Permissions;  
     
    namespace simplesign  
    {  
        class Program  
        {  
            static public X509Certificate2 GetSignerCert()  
            {  
                X509Store storeMy = new X509Store(StoreName.My, StoreLocation.CurrentUser);  
                storeMy.Open(OpenFlags.ReadOnly);  
     
                X509Certificate2Collection certColl =  
                    storeMy.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,  
                    "CN=RsaSigner", false);  
                storeMy.Close();  
     
                return certColl[0];  
            }  
     
            static void Test()  
            {  
                ContentInfo contentInfo = new ContentInfo(new byte[]{1,2,3});  
                SignedCms signedCms = new SignedCms(contentInfo);  
                X509Certificate2 signerCert = GetSignerCert();  
                CmsSigner cmsSigner = new CmsSigner(signerCert);  
                signedCms.ComputeSignature(cmsSigner);  
                signedCms.Encode();  
            }  
     
            static void Main(string[] args)  
            {  
                SecurityPermission permission =  
                    new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);  
                permission.Deny();  
     
                Test();  
            }  
        }  
    }  
     

    This code throws a SecurityPermission exception with the following stack:

    System.StubHelpers.StubHelpers.BeginStandalone(IntPtr pFrame, IntPtr pNMD, Int32 dwStubFlags)
    System.Security.Cryptography.CAPIBase.CMSG_SIGNER_ENCODE_INFO.CryptReleaseContext(IntPtr hProv, UInt32 dwFlags)
    System.Security.Cryptography.CAPIBase.CMSG_SIGNER_ENCODE_INFO.Dispose()
    System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
    System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
    simplesign.Program.Test()
    simplesign.Program.Main(String[] args)

    Thursday, July 10, 2008 12:39 PM

All replies

  • You need to create the correct CAS policy to allow the application to touch the protected resource (crypto keys etc). Now, if this is a windows application running local to the machine, you won't get this exception. Otherwise, you will.
    Sunday, November 16, 2008 1:52 AM