How to: Access Hardware Encryption Devices

You can use the CspParameters class to access hardware encryption devices. For example, you can use this class to integrate your application with a smart card, a hardware random number generator, or a hardware implementation of a particular cryptographic algorithm.

The CspParameters class creates a cryptographic service provider (CSP) that accesses a properly installed hardware encryption device. You can verify the availability of a CSP by inspecting the following registry key using the Registry Editor (Regedit.exe): HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.

To sign data using a key card

  1. Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.

  2. Set the Flags property of the newly created CspParameters object to the appropriate flags. For example, set the UseDefaultKeyContainer flag.

  3. Create a new instance of an AsymmetricAlgorithm class (for example, the RSACryptoServiceProvider class), passing the CspParameters object to the constructor.

  4. Sign your data using one of the Sign methods and verify your data using one of the Verify methods.

To generate a random number using a hardware random number generator

  1. Create a new instance of the CspParameters class, passing the integer provider type and the provider name to the constructor.

  2. Create a new instance of the RNGCryptoServiceProvider, passing the CspParameters object to the constructor.

  3. Create a random value using the GetBytes or GetNonZeroBytes method.
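The random number procedure above, combined with the registry check described earlier, as an added C# example that is not part of the original article. The provider name is a placeholder for the name your device vendor registers, and the example assumes the provider's subkey stores its integer provider type in a DWORD value named Type.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.Win32;

class HardwareRngExample
{
    // Registry key named in this article; each subkey is an installed CSP.
    const string ProviderKey = @"Software\Microsoft\Cryptography\Defaults\Provider";

    // Returns the registered provider type, or -1 if the CSP is not installed.
    static int FindProviderType(string providerName)
    {
        using (RegistryKey root = Registry.LocalMachine.OpenSubKey(ProviderKey))
        using (RegistryKey csp = (root == null) ? null : root.OpenSubKey(providerName))
        {
            // Assumption: "Type" is the DWORD value holding the provider type.
            object type = (csp == null) ? null : csp.GetValue("Type");
            return (type is int) ? (int)type : -1;
        }
    }

    static void Main(string[] args)
    {
        // Placeholder name: pass the CSP name installed by your device vendor.
        string providerName = args.Length > 0 ? args[0] : "Example Hardware RNG Provider";
        int providerType = FindProviderType(providerName);
        if (providerType < 0)
        {
            // Stop here rather than falling back to a different provider.
            Console.Error.WriteLine("CSP not registered: {0}", providerName);
            return;
        }
        // Step 1: provider type and provider name go to the constructor.
        CspParameters csp = new CspParameters(providerType, providerName);
        try
        {
            // Step 2: bind the random number generator to the CSP.
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(csp))
            {
                byte[] buffer = new byte[32];
                rng.GetBytes(buffer); // Step 3: fill the buffer with random bytes.
                Console.WriteLine("Random bytes: {0}", BitConverter.ToString(buffer));
            }
        }
        catch (CryptographicException e)
        {
            // The CSP is registered but the device could not be opened.
            Console.Error.WriteLine("CSP unavailable: {0}", e.Message);
        }
    }
}
```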

The following code example demonstrates how to sign data using a smart card. The code example creates a CspParameters object that exposes a smart card, and then initializes an RSACryptoServiceProvider object using the CSP. The code example then signs and verifies some data.


using namespace System;
using namespace System::Security::Cryptography;
int main()
{

   // To identify the smart card cryptographic providers on your
   // computer, use the Microsoft Registry Editor (Regedit.exe).
   // The available smart card cryptographic providers are listed
   // in HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.

   // Create a new CspParameters object that identifies a
   // smart card cryptographic provider.
   // The 1st parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types.
   // The 2nd parameter comes from HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider.
   CspParameters^ csp = gcnew CspParameters( 1,L"Schlumberger Cryptographic Service Provider" );
   csp->Flags = CspProviderFlags::UseDefaultKeyContainer;

   // Initialize an RSACryptoServiceProvider object using
   // the CspParameters object.
   RSACryptoServiceProvider^ rsa = gcnew RSACryptoServiceProvider( csp );

   // Create some data to sign.
   array<Byte>^data = gcnew array<Byte>{
      0,1,2,3,4,5,6,7
   };
   Console::WriteLine( L"Data			: {0}", BitConverter::ToString( data ) );

   // Sign the data using the Smart Card CryptoGraphic Provider.
   array<Byte>^sig = rsa->SignData( data, L"SHA1" );
   Console::WriteLine( L"Signature	: {0}", BitConverter::ToString( sig ) );

   // Verify the data using the Smart Card CryptoGraphic Provider.
   bool verified = rsa->VerifyData( data, L"SHA1", sig );
   Console::WriteLine( L"Verified		: {0}", verified );
}



  • Include the System and System.Security.Cryptography namespaces.

  • You must have a smart card reader and drivers installed on your computer.

  • You must initialize the CspParameters object using information specific to your card reader. For more information, see the documentation of your card reader.

© 2014 Microsoft