3

I am developing an application to sign an XML file with a public key and a private key stored on a smart card (IAS-ECC). I know that my smart card has two certificates (one used for authentication, one used for signature) and private keys. With that in mind, I have been searching desperately for documentation and examples to sign my file correctly (the size varies between 4 and 10 KB). All in all, I want to obtain a P7M file.

So, my questions are: how do I do this? Do I use some libraries like OpenSSL or PKCS11? For the moment, I have only tried to use APDU commands, but with no results. I would like to know all the steps to do this.

In addition, I discovered on my smart card a CSP (“Cryptographic Service Provider”) by sending APDU commands. Is it useful?

I should specify that I am developing in C# with Compact Framework (3.5). If you’ve got an idea, I would be very happy to hear it.

Thank you in advance for your help!

Best regards

Amatukami

1 Answer

1

If you have a PKCS11 driver DLL for the smartcard reader and/or smartcard, that would be an ideal option. This will give you an easy-to-use way to sign the data.

I am not sure that OpenSSL will be able to access the smartcard (at least without modifying the source code) but I am not an expert in OpenSSL. What I know is that our SecureBlackbox would do the job (if you can use PKCS11).

On a side note, are you sure that you need to get a PKCS#7 signature (the P7M extension implies this)? XML files are often signed using XMLDSig or XAdES (an extension of XMLDSig). Or it can be that you need a detached PKCS#7 signature. You need to check the requirements.

Eugene Mayevski 'Callback
  • Thank you for your help! Unfortunately, I do not have a PKCS11 driver DLL for the smartcard. Instead of a PKCS11 DLL, can I use a CryptoAPI DLL for the same job? – Amatukami Sep 08 '14 at 14:20
  • @Amatukami if the certificate is accessible via CryptoAPI, then you can use that interface (there's no DLL there, as CryptoAPI is a Windows system interface). Our SecureBlackbox supports CryptoAPI natively and so does the .NET Framework. – Eugene Mayevski 'Callback Sep 08 '14 at 14:24
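
The CryptoAPI route discussed in the answer and comments, as an added example that is not part of the original thread: it picks the card's signature certificate rather than the authentication one and produces either an attached (.p7m) or a detached PKCS#7 signature. Assumptions: the full .NET Framework (`System.Security.dll`, not the Compact Framework), the card's CSP has published both certificates in the CurrentUser "My" store, and the signature certificate carries the nonRepudiation key usage; `P7mSigner` and its method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class P7mSigner
{
    // Pick the signing certificate, not the authentication one: require a private key
    // and the nonRepudiation key usage bit (assumption: the signature cert sets it).
    static X509Certificate2 FindSigningCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.HasPrivateKey) continue;
                foreach (X509Extension ext in cert.Extensions)
                {
                    var usage = ext as X509KeyUsageExtension;
                    if (usage != null && (usage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0)
                        return cert;
                }
            }
        }
        finally { store.Close(); }
        throw new InvalidOperationException("No signing certificate with a private key found.");
    }

    // detached = false embeds the XML in the output (.p7m);
    // detached = true yields a signature-only blob that must travel with the XML file.
    static byte[] Sign(byte[] xml, X509Certificate2 cert, bool detached)
    {
        var cms = new SignedCms(new ContentInfo(xml), detached);
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
        signer.IncludeOption = X509IncludeOption.EndCertOnly;
        cms.ComputeSignature(signer, false); // silent = false lets the CSP prompt for the card PIN
        cms.CheckSignature(true);            // verify the signature only, before writing it out
        return cms.Encode();                 // DER-encoded PKCS#7 SignedData
    }

    static void Main(string[] args)
    {
        byte[] xml = File.ReadAllBytes(args[0]); // path to the XML file to sign
        X509Certificate2 cert = FindSigningCertificate();
        File.WriteAllBytes(args[0] + ".p7m", Sign(xml, cert, false));
    }
}
```

The private key never leaves the card: `ComputeSignature` hands the digest to the CSP, which performs the signing operation on the card after PIN entry.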