CryptAcquireContext and certificate.PrivateKey very slow

  • Question

  • Hi,

    I'm currently working on a prototype which utilizes a smartcard's private key for decrypting data.
    The environment I'm working on is Windows XP SP3, .Net 3.5, C#, ACS5 Smartcard.

    From a functionality perspective everything is fine (decryption works). My concerns are only related to performance, and even here not the actual decryption time, which is pretty fast.

    It is more related to the access to the context via CryptAcquireContext (via usage of dllimport in C#) or via accessing the PrivateKey property of the respective certificate directly (bold in the following code excerpt):

    var key = (RSACryptoServiceProvider)certificate.PrivateKey;
    var providerHandle = IntPtr.Zero;
    var pinBuffer = Encoding.ASCII.GetBytes(pin);
    
    // provider handle is implicitly released when the certificate handle is released.
    CryptAcquireContext(
        ref providerHandle,
        key.CspKeyContainerInfo.KeyContainerName,
        key.CspKeyContainerInfo.ProviderName,
        key.CspKeyContainerInfo.ProviderType,
        (CryptContextFlags)0x40); // 0x40 = CRYPT_SILENT

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CryptAcquireContext(
                ref IntPtr hProv,
                string containerName,
                string providerName,
                int providerType,
                CryptContextFlags flags
                );

    certificate.PrivateKey as well as the call of CryptAcquireContext take 4 seconds with ACS CSP and smartcard. The same calls on a Siemens CSP and smartcard will take less than a second.

    Does anyone know if this is a pure CSP implementation problem or if I'm doing something wrong? All kinds of hints are very welcome :)

    Thanx,
      Frank

    Tuesday, March 13, 2012 10:59 AM

All replies

  • Does your reader show activity for most of the 4 seconds?

    Does the CSP read your certificates from the card and place them into your "MY" certstore during that 4 seconds?

    I would guess something specific in the CSP implementation. If you are using the ACOS5 CLIENT KIT, did you try their technical support?

    http://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACOS5-CLIENT-KIT 

    Tuesday, March 13, 2012 1:55 PM
  • Yes, the reader shows activity in those 4 seconds, but the certificate is not placed into the certificate store within this time period.

    I don't have a client kit, but a software development kit. Good point, I will contact the support... :)

    But just in case somebody has further suggestions, please let me know!

    Thanx!

    Wednesday, March 14, 2012 4:25 PM