How to: Access Hardware Encryption Devices

Note

This article applies to Windows.

You can use the CspParameters class to access hardware encryption devices. For example, you can use this class to integrate your application with a smart card, a hardware random number generator, or a hardware implementation of a particular cryptographic algorithm.

The CspParameters class creates a cryptographic service provider (CSP) that accesses a properly installed hardware encryption device. You can verify the availability of a CSP by inspecting the following registry key using the Registry Editor (Regedit.exe): HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.

To sign data using a key card

1. Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.

2. Pass the appropriate flags to the Flags property of the newly created CspParameters object. For example, pass the UseDefaultKeyContainer flag.

3. Create a new instance of an AsymmetricAlgorithm class (for example, the RSACryptoServiceProvider class), passing the CspParameters object to the constructor.

4. Sign your data using one of the Sign methods and verify your data using one of the Verify methods.

To generate a random number using a hardware random number generator

1. Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.

2. Create a new instance of the RNGCryptoServiceProvider, passing the CspParameters object to the constructor.

3. Create a random value using the GetBytes or GetNonZeroBytes method.

Example

The following code example demonstrates how to sign data using a smart card. The code example creates a CspParameters object that exposes a smart card, and then initializes an RSACryptoServiceProvider object using the CSP. The code example then signs and verifies some data.

Due to collision problems with SHA1, we recommend SHA256 or better.

using namespace System;
using namespace System::Security::Cryptography;
int main()
{

   // To identify the Smart Card CryptoGraphic Providers on your
   // computer, use the Microsoft Registry Editor (Regedit.exe).
   // The available Smart Card CryptoGraphic Providers are listed
   // in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
   // Create a new CspParameters object that identifies a
   // Smart Card CryptoGraphic Provider.
   // The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
   // The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
   CspParameters^ csp = gcnew CspParameters( 1,L"Schlumberger Cryptographic Service Provider" );
   csp->Flags = CspProviderFlags::UseDefaultKeyContainer;

   // Initialize an RSACryptoServiceProvider object using
   // the CspParameters object.
   RSACryptoServiceProvider^ rsa = gcnew RSACryptoServiceProvider( csp );

   // Create some data to sign.
   array<Byte>^data = gcnew array<Byte>{
      0,1,2,3,4,5,6,7
   };
   Console::WriteLine( L"Data			: {0}", BitConverter::ToString( data ) );

   // Sign the data using the Smart Card CryptoGraphic Provider.
   array<Byte>^sig = rsa->SignData( data, L"SHA1" );
   Console::WriteLine( L"Signature	: {0}", BitConverter::ToString( sig ) );

   // Verify the data using the Smart Card CryptoGraphic Provider.
   bool verified = rsa->VerifyData( data, L"SHA1", sig );
   Console::WriteLine( L"Verified		: {0}", verified );
}

using System;
using System.Runtime.Versioning;
using System.Security.Cryptography;

namespace SmartCardSign
{
    [SupportedOSPlatform("windows")]
    class SCSign
    {
        static void Main(string[] args)
        {
            // To identify the Smart Card CryptoGraphic Providers on your
            // computer, use the Microsoft Registry Editor (Regedit.exe).
            // The available Smart Card CryptoGraphic Providers are listed
            // in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.

            // Create a new CspParameters object that identifies a
            // Smart Card CryptoGraphic Provider.
            // The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
            // The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
            CspParameters csp = new CspParameters(1, "Schlumberger Cryptographic Service Provider");
            csp.Flags = CspProviderFlags.UseDefaultKeyContainer;

            // Initialize an RSACryptoServiceProvider object using
            // the CspParameters object.
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);

            // Create some data to sign.
            byte[] data = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };

            Console.WriteLine("Data			: " + BitConverter.ToString(data));

            // Sign the data using the Smart Card CryptoGraphic Provider.
            byte[] sig = rsa.SignData(data, "SHA1");

            Console.WriteLine("Signature	: " + BitConverter.ToString(sig));

            // Verify the data using the Smart Card CryptoGraphic Provider.
            bool verified = rsa.VerifyData(data, "SHA1", sig);

            Console.WriteLine("Verified		: " + verified);
        }
    }
}

Imports System.Security.Cryptography



Module SCSign

    Sub Main(ByVal args() As String)
        ' To identify the Smart Card CryptoGraphic Providers on your
        ' computer, use the Microsoft Registry Editor (Regedit.exe).
        ' The available Smart Card CryptoGraphic Providers are listed
        ' in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.

        ' Create a new CspParameters object that identifies a
        ' Smart Card CryptoGraphic Provider.
        ' The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
        ' The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
        Dim csp As New CspParameters(1, "Schlumberger Cryptographic Service Provider")
        csp.Flags = CspProviderFlags.UseDefaultKeyContainer

        ' Initialize an RSACryptoServiceProvider object using
        ' the CspParameters object.
        Dim rsa As New RSACryptoServiceProvider(csp)

        ' Create some data to sign.
        Dim data() As Byte = {0, 1, 2, 3, 4, 5, 6, 7}


        Console.WriteLine("Data   : " + BitConverter.ToString(data))

        ' Sign the data using the Smart Card CryptoGraphic Provider.
        Dim sig As Byte() = rsa.SignData(data, "SHA1")

        Console.WriteLine("Signature : " + BitConverter.ToString(sig))

        ' Verify the data using the Smart Card CryptoGraphic Provider.
        Dim verified As Boolean = rsa.VerifyData(data, "SHA1", sig)

        Console.WriteLine("Verified")

    End Sub

End Module

Compiling the Code

• Include the System and System.Security.Cryptography namespaces.

• You must have a smart card reader and drivers installed on your computer.

• You must initialize the CspParameters object using information specific to your card reader. For more information, see the documentation of your card reader.

See also

• Cryptography Model
• Cryptographic Services
• Cross-Platform Cryptography
• ASP.NET Core Data Protection