login about faq

When i try signing a document with CADES using a certificate from currentuserstore. I get this error. When i use this certificate in internet explorer a dialog shows to enter a password. I don't know how enter this password using chilkat. The lasterrorText obtained is:

ChilkatLog:
CreateDetachedSignature:
DllDate: Aug 5 2012
UnlockPrefix: 30-day trial
Username: PORTATIL:Ernesto
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
hcCurDate: Fri, 16 Nov 2012 21:05:32 +0100
hcExpire: 11/2012
SigningCert:
SubjectDN: C=ES, SN=36137603A, Surname=ALCONADA, OID.2.5.4.42=ERNESTO, CN="ALCONADA GARCIA, ERNESTO (FIRMA)"
SerialNumber: 2C49846E0FF992DC4F50D11B09CC3BD4
--SigningCert
No private key seems to be available for signing (5)
Continuing anyway in case it's a hardware CSP...
Will use CryptoAPI for signing.
Cannot produce CAdES signatures when forced to use the MS-Crypto API because of inability to access the private key.
The certificate (PFX) must be installed with the private key marked as exportable.
Failed.
--CreateDetachedSignature
--ChilkatLog

asked Nov 16 '12 at 15:12

aristeo's gravatar image

aristeo
1222


There are two solutions:

1) Re-import the PFX containing the certificate and private key onto the system, but this time allow the private key to be exportable. This will allow the Chilkat internals to gain access to the private key material such that it can produce the CAdES signature.

2) Use the PFX directly, and in this case you'll need to provide the PFX password in the call to AddPfxSourceFile.

link

answered Nov 18 '12 at 14:20

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Hi, I've the same problem, but the certificate I use to sign is on a SmartCard, so it's impossible (?) to "1) Re-import the PFX..." or "2) Use the PFX directly...". How can I sign a document with CAdES using a SmartCard? Thanks

link

answered Aug 22 '13 at 03:54

caponeri's gravatar image

caponeri
1

You cannot using Chilkat. When the private key is on a smartcard, Chilkat must use the underlying MS Crypto API (instead of it's own PKCS7 implementation) to do the signing. The Crypto API does not have CAdES capability. Therefore, the only choice is to use Chilkat's PKCS7 functionality.

Unfortunately, what Microsoft considers to be the "exporting" of the private key includes the act of accessing the private key in-memory. When Crypto-API does the same, Microsoft doesn't consider it to be "exporting" the private key.

link

answered Aug 22 '13 at 14:26

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×8
×2

Asked: Nov 16 '12 at 15:12

Seen: 1,732 times

Last updated: Aug 22 '13 at 14:26

powered by OSQA