chilkat - Unexpected error creating CAdES-BES .p7m using Smart Card

0

I'm trying to create a .p7m file (CAdES-BES digital signature). My algorithm is based on the C++ Chilkat example: https://www.example-code.com/cpp/cades_bes_smartcard.asp

Here's my scenario:

- Visual Studio 2008 C++
- Smart card reader: Gemalto
- Smart Card chip: INCARD
- Bit4id Universal Middleware

Here's my test function:

int PSignFile(LPCSTR szFile, LPCSTR szCCN)
{
    int nReturn = 0;
    CString sError;

    try
    {
        CkGlobal glob;
        bool success = glob.UnlockBundle(GetChilkatLicence());
        if (success != true)
        {
            sError.Format("Chilkat - component unlock failed\n\n%s", glob.lastErrorText());
            throw -1;
        }

        CkCrypt2 crypt;

        //  Use a certificate on a smartcard or USB token.
        CkCert cert;
        //  Pass the certificate's Subject CN to the LoadByCommonName method.
        success = cert.LoadByCommonName(szCCN);
        if (success != true)
        {
            sError.Format("Chilkat - load certificate failed\n\n%s", cert.lastErrorText());
            throw -2;
        }

        //  Provide the smartcard PIN.
        //  If the PIN is not explicitly provided here, the Windows OS should
        //  display a dialog for the PIN.
        //cert.put_SmartCardPin("000000");

        //  Provide the certificate for signing.
        success = crypt.SetSigningCert(cert);
        if (success != true)
        {
            //std::cout << crypt.lastErrorText() << "\r\n";
            sError.Format("Chilkat - set signing certificate failed\n\n%s", crypt.lastErrorText());
            throw -3;
        }

        crypt.put_CadesEnabled(true);
        //  Indicate that SHA-256 should be used.
        crypt.put_HashAlgorithm("sha256");

        // UPDATE THE VERSION
        //  Specify the signed attributes to be included.
        //  (This is what makes it CAdES-BES compliant.)
        CkJsonObject jsonSignedAttrs;
        jsonSignedAttrs.UpdateInt("contentType",1);
        jsonSignedAttrs.UpdateInt("signingTime",1);
        jsonSignedAttrs.UpdateInt("messageDigest",1);
        jsonSignedAttrs.UpdateInt("signingCertificateV2",1);
        crypt.put_SigningAttributes(jsonSignedAttrs.emit());

        CString sSignedFile(szFile);
        sSignedFile += ".p7m";

        //  Create the CAdES-BES signature, which contains the original data.
        success = crypt.CreateP7M(szFile, static_cast<LPCSTR>(sSignedFile));
        if (success == false)
        {
            sError.Format("Chilkat - create p7m failed\n\n%s", crypt.lastErrorText());
            throw -4;
        }
    }
    catch(int nError)
    {
        nReturn = nError;
        DisplayMessage(sError, "Errore firma");
    }

    return nReturn;
}

I get this error message:

ChilkatLog:
  CreateP7M:
    DllDate: Aug 25 2018
    ChilkatVersion: 9.5.0.75
    UnlockPrefix: ABCSLT.CB1092019
    Architecture: Little Endian; 32-bit
    Language: Visual C++ 9.0 (32-bit)
    VerboseLogging: 0
    Component successfully unlocked using purchased unlock code.
    inPath: D:\xml\IT00484960588_BDQMJ.xml
    outPath: D:\xml\IT00484960588_BDQMJ.xml.p7m
    createOpaqueSignature:
      createPkcs7Signature:
        hashAlgorithm: sha256
        isDetachedSignature: 0
        dataContentSize: 99270
        numSigningCerts: 1
        issuerSerialNum: 351AE9
        createAuthenticatedAttributes:
          signingCertificateV2:
            adding SigningCertificateV2 authenticated attribute...
          --signingCertificateV2
        --createAuthenticatedAttributes
        numAsnBytesToSign: 51
        msCngSignWithCert:
          msPadAndSignHashV2:
            WindowsError: Errore imprevisto di scheda. <--- ERROR !!!!
            WindowsErrorCode: 0x8010001f
          --msPadAndSignHashV2
        --msCngSignWithCert
        Failed to sign digest of authenticated attributes.
        Failed to create one or more SignerInfos...
      --createPkcs7Signature
    --createOpaqueSignature
    Failed.
  --CreateP7M
--ChilkatLog

"WindowsError: Errore imprevisto di scheda." means "WindowsError: an unexpected card error has occurred". I'm stuck on this! I don't know how to go on. Can anyone help me? Thanks!

Paolo

c++
digital-signature
smartcard
chilkat
asked on Stack Overflow Nov 22, 2018 by Paolo Branzaglia • edited Nov 22, 2018 by Paolo Branzaglia

1 Answer

0

I see from the contents of the LastErrorText that you are using MSVC++ 2008 (VC9).

Please try this new build:

32-bit: https://chilkatdownload.com/prerelease/chilkat-9.5.0-x86-vc9-1061.zip

64-bit: https://chilkatdownload.com/prerelease/chilkat-9.5.0-x86_64-vc9-1062.zip

There have been improvements since August 2018 having to do with smartcards.

Note: Chilkat uses the Microsoft CNG (Cryptographic Next Generation) API internally to do the signing. If the problem remains, it may be that the cert needs to be correctly installed on your Windows system. Check the documentation provided by the smartcard vendor (Gemalto - Smart Card chip: INCARD - Bit4id Universal Middleware) for information about what must be done...

answered on Stack Overflow Nov 23, 2018 by Chilkat Software
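
Added example, not part of the original posts and not Chilkat code: a small C++ triage helper for a LastErrorText dump like the one in the question. It rebuilds the chain of log contexts open at the point of failure and splits the `WindowsErrorCode` HRESULT into its fields; facility 0x10 (FACILITY_SCARD) places the failure in the Windows smart card layer beneath CNG rather than in the CAdES encoding. The names `triage`, `Failure` and `scardName` are illustrative, and the code table is a short excerpt of winerror.h.

```cpp
#include <cstdint>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// Abridged from the ChilkatLog posted in the question.
static const char* SAMPLE =
    "ChilkatLog:\n  CreateP7M:\n    createPkcs7Signature:\n"
    "      createAuthenticatedAttributes:\n      --createAuthenticatedAttributes\n"
    "      msCngSignWithCert:\n        msPadAndSignHashV2:\n"
    "          WindowsErrorCode: 0x8010001f\n        --msPadAndSignHashV2\n";

struct Failure {
    std::string path;       // log contexts open when the error was recorded
    uint32_t code = 0;      // WindowsErrorCode, an HRESULT
    unsigned facility = 0;  // HRESULT bits 16..26; 0x10 is FACILITY_SCARD
    const char* name = "";  // winerror.h symbol, if in the excerpt below
};

static const char* scardName(uint32_t c) {
    if (c == 0x8010001F) return "SCARD_E_UNEXPECTED";
    if (c == 0x80100069) return "SCARD_W_REMOVED_CARD";
    if (c == 0x8010006B) return "SCARD_W_WRONG_CHV";
    if (c == 0x8010006C) return "SCARD_W_CHV_BLOCKED";
    return "unknown";
}

// "name:" alone on a line opens a context; "--name" closes it.
Failure triage(const std::string& log) {
    Failure f;
    std::vector<std::string> stack;
    std::istringstream in(log);
    for (std::string line; std::getline(in, line);) {
        size_t b = line.find_first_not_of(" \t\r");
        if (b == std::string::npos) continue;  // blank line
        std::string s = line.substr(b, line.find_last_not_of(" \t\r") - b + 1);
        if (s.rfind("--", 0) == 0) { if (!stack.empty()) stack.pop_back(); }
        else if (s.back() == ':') stack.push_back(s.substr(0, s.size() - 1));
        else if (s.rfind("WindowsErrorCode:", 0) == 0) {
            f.code = static_cast<uint32_t>(std::strtoul(s.c_str() + 17, nullptr, 16));
            f.facility = (f.code >> 16) & 0x7FF;
            f.name = scardName(f.code);
            for (const auto& c : stack) f.path += (f.path.empty() ? "" : " > ") + c;
        }
    }
    return f;
}
```
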

User contributions licensed under CC BY-SA 3.0