3

I am trying to sign using a certificate in a WatchData USB token. I use the Microsoft CryptoAPI function CryptSignMessage. If I specifiy sha1 as the Hashing Algorithm for the signing, then it succeeds. However this fails with an "Internal Error has occurred" if I try to use sha256.

The driver is downloaded from http://www.watchdata.com/service/usbtoken.jsp. This contains the PKCS#11 provider.

As per http://blogs.msdn.com/b/alejacma/archive/2010/06/02/quot-an-internal-error-ocurred-quot-when-using-sha-2-algorithms-with-signedcms.aspx this is because the WatchData Provider is not a CNG provider - (Cryptography API: Next Generation).

The call to NCryptOpenStorageProvider fails with the following program - which seems to show that it's not a CNG Provider. 

#include <windows.h>
#include <stdio.h>
#include <ncrypt.h>

int main()
{
    NCRYPT_PROV_HANDLE hProv;
    SECURITY_STATUS ret = NCryptOpenStorageProvider(&hProv, 
        L"Watchdata Brazil CSP v1.0", 0);
    if( ret != ERROR_SUCCESS)
        printf("Failed\n");
    else
        printf("worked\n");
}

I found the name of the provider by calling the CryptEnumProviders API.

Is there any other way to sign RSA-Sha256 using the certificate on the WatchData token? I would think there is no need for the CryptoAPI to rely on the CSP for the hashing function. Hashing is a standard function & CryptoAPI does have implementation of SHA-2.

user93353
  • 13,733
  • 8
  • 60
  • 122

2 Answers2

1

Unfortunately in CryptoAPI, even if you do hash separately from signing, you have to provide a hash object from the same CSP, rather than just the hash data in a buffer. This has changed in CNG, where hashing isn't done by Key Storage Providers, and the signing happens on a hash buffer, with the hashing done elsewhere, e.g. in a CNG primitive provider. A CNG Key Storage Provider may still fail if it gets a hash buffer of an unexpected length, so it doesn't make you immune from the problem of the provider not knowing about a given hash type.

Are you sure that the manufacturer hasn't produced a CNG Key Storage Provider that you can use with your device? I notice that there is a CNG Key Storage Provider in the "WatchKey_USB_Token_Admin_Tool" download on this page.

UPDATE: This driver didn't work with the OP's device.

I see four options:

  1. Contact the manufacturer's support and see whether they can provide you a CNG build for this device (and check that the desired signing mechanism is actually supported)
  2. Use an alternative device
  3. Use an alternative API that the device's software package supports (such as PKCS#11) to do the signing
  4. (And only if you really really need it), wrap up the functionality you need in your own CNG provider, using an API supported by the software package under-the-hood
softwariness
  • 4,022
  • 4
  • 33
  • 41
  • Where did you find the CNG provider? Which link? – user93353 Jan 26 '15 at 03:02
  • It was the first link on the page I linked (I didn't want to link directly to a binary) but here is the direct link: http://www.watchdata.com/service/driver/WatchKey_USB_Token_Admin_Tool.rar - I know this to contain a CNG Key Storage Provider from extracting the contents and looking at the DLLs and EXEs. The program `WDKSPconfig.exe` is a CNG Key Storage Provider registration tool, and `$SYSDIR\WDKSP.dll` is a CNG Key Storage Provider. – softwariness Jan 26 '15 at 08:54
  • 1
    Thank you. It does seem to have a CNG - but there are a couple of problems 1. It doesn't have PKCS#11 functionality like the other. Also by default the WatchData minidriver does not install this - so I cannot expect my users to have this installed :-( – user93353 Jan 26 '15 at 09:18
  • 1
    Is the need for CAPI or CNG so that you can interoperate with applications using those APIs (like AD Certificate Services or IIS), or is that just a preference? If you've got PKCS#11, could you use that API instead? – softwariness Jan 26 '15 at 09:22
  • Is it possible to create a RSA-SHA2 CMS/PKCS#7 format signature with just PKCS#11 APIs? – user93353 Jan 26 '15 at 09:28
  • Yes, but only if the implementation supports it, just as a CSP or CNG KSP only supports particular algorithms. – softwariness Jan 26 '15 at 09:37
  • @user93353 Did you get anywhere with PKCS#11, or get a response from the manufacturer about whether they can give you a CNG provider that will work with your device? – softwariness Jan 27 '15 at 09:44
-1

In this case, you can use OpenSSL to sign the data. See https://www.openssl.org/docs/crypto/RSA_sign.html

Since, you are using USB token, you can create a new RSA_METHOD structure which will have method to sign from USB token.

You can try the following:

  1. Compute SHA256 using OpenSSL.
  2. Compute signature by overloading RSA structure with new method to use your token.
doptimusprime
  • 9,115
  • 6
  • 52
  • 90