We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Problem with signing PDF file when using cert with privatekey stored on external card

I’m running sample application.
1.I choose my certificate installed on windows store. (but private key is not there)
2.After that i have to login to SimpleSign Certum (by Asseco)
3. After that I enter my PIN code
Results:
I received error:
w System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
w System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
w System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
w System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
w #=zEOxX2a0hC8ojDoJxSlekpMvTFF8kOc6EXg==.#=zcSaiqFY=.#=zl$BqoZ0=(Byte[] #=zPDa5OLA=, #=zqcdrDwoKheMvYtauGQ8AicTaQ74LsTHJVdMdkV4= #=zU1LlToo=, #=zaJ9PtYWHeexj2_tYKWgQ2QcseJ6x #=zNeh_D5Qe6RVI, TimestampSettings #=zEM4SZUJLB$xQ, Boolean #=zkE7w9bg=, X509Certificate2 #=znTRcb7uyGXCS)
w #=zEOxX2a0hC8ojDoJxSlekpMvTFF8kOc6EXg==.#=zcSaiqFY=.#=zHX9pDXo=(Byte[] #=zPDa5OLA=, X509Certificate2 #=znTRcb7uyGXCS, #=zaJ9PtYWHeexj2_tYKWgQ2QcseJ6x #=zNeh_D5Qe6RVI, TimestampSettings #=zEM4SZUJLB$xQ, Boolean #=zkE7w9bg=)
w #=zEOxX2a0hC8ojDoJxSlekpMvTFF8kOc6EXg==.#=zcSaiqFY=.#=zHX9pDXo=(Byte[] #=zPDa5OLA=, X509Certificate2 #=znTRcb7uyGXCS, #=zaJ9PtYWHeexj2_tYKWgQ2QcseJ6x #=zNeh_D5Qe6RVI, TimestampSettings #=zEM4SZUJLB$xQ)
w #=zEOxX2a0hC8ojDoJxSlekpMvTFF8kOc6EXg==.#=zcSaiqFY=.#=zHX9pDXo=(Byte[] #=zPDa5OLA=, X509Certificate2 #=znTRcb7uyGXCS)
w #=zgG9RpkKRmJWoa1X6e5nsU7i79j4q.#=zHX9pDXo=(String #=zh0IQfYQ=, #=z6bz9lWmKNj$yXyBqEjLHsDaxa39yJ3pCKw== #=zufTY5ig=, #=zYrv9oxYiFpZaFWRZ__jrwuyJYmco6jZ5dg== #=zx_21Ti0=, Stream #=zU1LlToo=, String #=zB_2oq_Y=, #=zaJ9PtYWHeexj2_tYKWgQ2QcseJ6x #=zNeh_D5Qe6RVI, TimestampSettings #=zEM4SZUJLB$xQ, X509Certificate2 #=znTRcb7uyGXCS)
w #=zgG9RpkKRmJWoa1X6e5nsU7i79j4q.#=zHX9pDXo=(String #=zh0IQfYQ=, #=z6bz9lWmKNj$yXyBqEjLHsDaxa39yJ3pCKw== #=zufTY5ig=, #=zYrv9oxYiFpZaFWRZ__jrwuyJYmco6jZ5dg== #=zx_21Ti0=, X509Certificate2 #=znTRcb7uyGXCS)
w Aspose.Pdf.Forms.Signature.#=zHX9pDXo=(String #=zh0IQfYQ=, Stream #=zU1LlToo=, String #=zB_2oq_Y=)
w Aspose.Pdf.Forms.SignatureField.Sign(Signature signature, Stream pfx, String pass)
w Aspose.Pdf.Forms.SignatureField.Sign(Signature signature)
w Aspose.Pdf.Examples.CSharp.AsposePDF.SecuritySignatures.SignWithSmartCardUsingPdfFileSignature.Run() w C:\Temp\Aspose.PDF-for-.NET-master\Aspose.PDF-for-.NET-master\Examples\CSharp\AsposePDF\Security-Signatures\SignWithSmartCardUsingPdfFileSignature.cs:
w Aspose.Pdf.Examples.CSharp.RunExamples.Main() w C:\Temp\Aspose.PDF-for-.NET-master\Aspose.PDF-for-.NET-master\Examples\CSharp\RunExamples.cs:

The same proces works OK, when I signing the same pdf file from acrobat reader. So my certificate/key/provider works OK.

When I choose other certificate (with privekey stored directly in windows) it works ok.

@putek,

Thanks for contacting support.

Can you please share source files along with sample project to further investigate this issue on our end.

I run code from your examples (with no change).
I notice on another software (PDFSign) that the same problem exists when I use dafault SHA1 algoritm, when I changed to SHA256 I signed with success.
I think that this couse problem.
But in asposePDF i can’t find props to change SHA1 to SHA256 or SHA512.

How can I change to SHA256 ?

" As SHA1 has been deprecated due to its security vulnerabilities, it is important to ensure you are no longer using a files signed using SHA1" .

@putek

We are looking into this and will share feedback with you soon.

Hello,

I have exactly the same message with a Belgian eID smartcard :

Any update ?
Thanks

@tfipsrd, @putek

We have logged an investigation ticket as PDFNET-48541 in our issue tracking system for this issue. We will surley look into its details and keep you posted with the status of its resolution. Please be patient and spare us some time.

We are sorry for the inconvenience.