How to: Access Hardware Encryption Devices
Note
This article applies to Windows.
You can use the CspParameters class to access hardware encryption devices. For example, you can use this class to integrate your application with a smart card, a hardware random number generator, or a hardware implementation of a particular cryptographic algorithm.
The CspParameters class creates a cryptographic service provider (CSP) that accesses a properly installed hardware encryption device. You can verify the availability of a CSP by inspecting the following registry key using the Registry Editor (Regedit.exe): HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
To sign data using a key card
Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.
Pass the appropriate flags to the Flags property of the newly created CspParameters object. For example, pass the UseDefaultKeyContainer flag.
Create a new instance of an AsymmetricAlgorithm class (for example, the RSACryptoServiceProvider class), passing the CspParameters object to the constructor.
Sign your data using one of the
Sign
methods and verify your data using one of theVerify
methods.
To generate a random number using a hardware random number generator
Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.
Create a new instance of the RNGCryptoServiceProvider, passing the CspParameters object to the constructor.
Create a random value using the GetBytes or GetNonZeroBytes method.
Example
The following code example demonstrates how to sign data using a smart card. The code example creates a CspParameters object that exposes a smart card, and then initializes an RSACryptoServiceProvider object using the CSP. The code example then signs and verifies some data.
Due to collision problems with SHA1, we recommend SHA256 or better.
using namespace System;
using namespace System::Security::Cryptography;
int main()
{
// To identify the Smart Card CryptoGraphic Providers on your
// computer, use the Microsoft Registry Editor (Regedit.exe).
// The available Smart Card CryptoGraphic Providers are listed
// in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
// Create a new CspParameters object that identifies a
// Smart Card CryptoGraphic Provider.
// The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
// The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
CspParameters^ csp = gcnew CspParameters( 1,L"Schlumberger Cryptographic Service Provider" );
csp->Flags = CspProviderFlags::UseDefaultKeyContainer;
// Initialize an RSACryptoServiceProvider object using
// the CspParameters object.
RSACryptoServiceProvider^ rsa = gcnew RSACryptoServiceProvider( csp );
// Create some data to sign.
array<Byte>^data = gcnew array<Byte>{
0,1,2,3,4,5,6,7
};
Console::WriteLine( L"Data : {0}", BitConverter::ToString( data ) );
// Sign the data using the Smart Card CryptoGraphic Provider.
array<Byte>^sig = rsa->SignData( data, L"SHA1" );
Console::WriteLine( L"Signature : {0}", BitConverter::ToString( sig ) );
// Verify the data using the Smart Card CryptoGraphic Provider.
bool verified = rsa->VerifyData( data, L"SHA1", sig );
Console::WriteLine( L"Verified : {0}", verified );
}
using System;
using System.Runtime.Versioning;
using System.Security.Cryptography;
namespace SmartCardSign
{
[SupportedOSPlatform("windows")]
class SCSign
{
static void Main(string[] args)
{
// To identify the Smart Card CryptoGraphic Providers on your
// computer, use the Microsoft Registry Editor (Regedit.exe).
// The available Smart Card CryptoGraphic Providers are listed
// in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
// Create a new CspParameters object that identifies a
// Smart Card CryptoGraphic Provider.
// The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
// The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
CspParameters csp = new CspParameters(1, "Schlumberger Cryptographic Service Provider");
csp.Flags = CspProviderFlags.UseDefaultKeyContainer;
// Initialize an RSACryptoServiceProvider object using
// the CspParameters object.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
// Create some data to sign.
byte[] data = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };
Console.WriteLine("Data : " + BitConverter.ToString(data));
// Sign the data using the Smart Card CryptoGraphic Provider.
byte[] sig = rsa.SignData(data, "SHA1");
Console.WriteLine("Signature : " + BitConverter.ToString(sig));
// Verify the data using the Smart Card CryptoGraphic Provider.
bool verified = rsa.VerifyData(data, "SHA1", sig);
Console.WriteLine("Verified : " + verified);
}
}
}
Imports System.Security.Cryptography
Module SCSign
Sub Main(ByVal args() As String)
' To identify the Smart Card CryptoGraphic Providers on your
' computer, use the Microsoft Registry Editor (Regedit.exe).
' The available Smart Card CryptoGraphic Providers are listed
' in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
' Create a new CspParameters object that identifies a
' Smart Card CryptoGraphic Provider.
' The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
' The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
Dim csp As New CspParameters(1, "Schlumberger Cryptographic Service Provider")
csp.Flags = CspProviderFlags.UseDefaultKeyContainer
' Initialize an RSACryptoServiceProvider object using
' the CspParameters object.
Dim rsa As New RSACryptoServiceProvider(csp)
' Create some data to sign.
Dim data() As Byte = {0, 1, 2, 3, 4, 5, 6, 7}
Console.WriteLine("Data : " + BitConverter.ToString(data))
' Sign the data using the Smart Card CryptoGraphic Provider.
Dim sig As Byte() = rsa.SignData(data, "SHA1")
Console.WriteLine("Signature : " + BitConverter.ToString(sig))
' Verify the data using the Smart Card CryptoGraphic Provider.
Dim verified As Boolean = rsa.VerifyData(data, "SHA1", sig)
Console.WriteLine("Verified")
End Sub
End Module
Compiling the Code
Include the System and System.Security.Cryptography namespaces.
You must have a smart card reader and drivers installed on your computer.
You must initialize the CspParameters object using information specific to your card reader. For more information, see the documentation of your card reader.