amiler_scumba at hotmail.com
Tue Feb 14 03:42:22 PST 2006
>We have our own token containing private key.
>The description of the scenario:
>1. We created 2 different keys using 2 different tokens.
>2. We formed the template passing the cert matching to the 1st key.
>3. We signed the template. When the provider asked for a token, we
>plugged in the token containing the key not matching the cert.
>The document was signed successfully but the signature couldn't be
>verified with the cert from template.
Which CSP are you using? It looks like the CSP does not implement support
for key containers very well. Each token should have its own key container
(name is usually generated as a sequence of random characters). My guess is,
that CryptAcquireCertificatePrivateKey only uses the container specified in
>Which token do you use? Which CSP do you use?
We were using ActivIdentity HW tokens (http://www.actividentity.com/) and
>And why do you use disk as
Certificate Authority advises users that the certificate should be first
saved to disk and then imported to smart card (for backup reasons).
>What do you use to bind cert with corresponding
The manufacturer has a utility that binds the key container (smart card) to
the certificate. You can also look up the Microsoft SDK - it has a sample
that does something similar.
>Has the signing operation been really completed?
Yes, the private key is still there. Look into C:\Documents and
IMHO, this is a serious bug in Internet Explorer.