C# - Use of A3 Certificate (Card Reader) + Windows Service

2

Good morning, everyone.

I created a Windows service (C#) where I sign NFC-e XML using the FlexDocs DLL. Using the A1 certificate everything works normally, but when using A3, the frame where I must enter the PIN does not open / appear.

I tried to research this subject on the web, and what I could find is that the Windows service does not open the frame because it has no user interaction. I then tried to pass the PIN directly, but I still could not.

I'm desperate here to ask: Is there any way to use an A3 certificate + Windows Service? So that it stays 100% automatic? Or at least pass the PIN via code? The goal is simple: the service monitors the coupon information in the DB and thereby generates / signs / sends / fetches XML.

I will pass on all the information I have so far:

1) The card reader is from Serasa Experian, template: "Near CCID";

2) Using certificate A1 (installable file) worked 100%. The only difference is that I had to change the service to log in as the current user of the machine. (If possible I wish this did not have to be done, but with "system account" or "local service account" the certificate does not work);

3) Via Debug in Visual Studio, the A3 certificate opens the frame for typing the PIN, but testing the installed service, it does not open the PIN frame and returns: 5002 - Error: Connection failed: Message Windows error=[The request was aborted: A secure channel could not be created for SSL/TLS.] (Probable cause: The Web Service certificate chain accessed or the client certificate that does not exist in the current Windows user certificate store);

4) I tried to pass the PIN directly as explained here, using the class "RSACryptoServiceProvider", but it is giving "Access Denied". In the code, "xxxx" => PIN. The line of code that gave the access denied error => empresa.X509Certificado.PrivateKey = teste;

    // Requires: using System.Security.Cryptography;
    //           using System.Security.Cryptography.X509Certificates;

    // Personal store of the account the process runs as
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    //if (store.Certificates.Count == 0)
    //{
    //    store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    //    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    //}

    // Look the certificate up by its subject distinguished name
    X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
    X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectDistinguishedName, empresa.Certificado.ToString().Trim(), false);

    if (collection1.Count == 0)
    {
        throw new Exception("Não é possível continuar, Certificado Digital não encontrado!");
    }
    else
    {
        empresa.X509Certificado = collection1[0];
    }

    // "xxxx" => PIN; LerDispositivo is defined elsewhere (not shown here)
    RSACryptoServiceProvider teste = LerDispositivo("xxxx", 1, "SafeSign Standard Cryptographic Service Provider");

    // This is the line that fails with "Access Denied"
    empresa.X509Certificado.PrivateKey = teste;

Any help will be welcome, if you need more information, please ask me! Thank you all!

    
asked by anonymous 04.07.2016 / 16:30

1 answer

1

The use of the type A3 certificate is more restricted than type A1. In A1, you can open it inside the code if you have the private key password. In A3, it is mandatory that the user type the password when requested by the application.

When you debug the service in Visual Studio, it is actually running as a Console, and the "driver" of the certificate will display the screen to enter the PIN. But when it is a real Windows Service, the "driver" will not let you use the certificate.

    
09.09.2016 / 17:57
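
A diagnostic for the console-versus-service difference discussed above, as an added example that is not code from the question or the answer: it reports which account the process runs as, whether the session is interactive, and whether the certificate is visible in that account's stores. The class name `CertContextProbe` and the placeholder subject name are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

// Added example: run once as a console and once from the installed service, then compare.
static class CertContextProbe
{
    // Builds a report of the process identity and of where the certificate can be found.
    public static string Describe(string subjectDn)
    {
        var report = new StringBuilder();
        report.AppendLine("Identity:        " + WindowsIdentity.GetCurrent().Name);
        // True for a console/debug run, false for a process without a user interface.
        report.AppendLine("UserInteractive: " + Environment.UserInteractive);

        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                X509Certificate2Collection found = store.Certificates.Find(
                    X509FindType.FindBySubjectDistinguishedName, subjectDn, false);
                report.AppendLine(location + "\\My: " + found.Count + " match(es)");
                foreach (X509Certificate2 cert in found)
                    // HasPrivateKey reports whether a key is associated; it does not use the key.
                    report.AppendLine("  " + cert.Thumbprint + " HasPrivateKey=" + cert.HasPrivateKey
                        + " NotAfter=" + cert.NotAfter.ToString("u"));
            }
            catch (Exception ex) // store missing or not readable by this account
            {
                report.AppendLine(location + "\\My: " + ex.GetType().Name + ": " + ex.Message);
            }
            finally
            {
                store.Close();
            }
        }
        return report.ToString();
    }

    static void Main(string[] args)
    {
        // Placeholder subject; in the service, call Describe(...) from OnStart and log the result.
        Console.Write(Describe(args.Length > 0 ? args[0] : "CN=EXAMPLE PLACEHOLDER"));
    }
}
```

Zero matches under the service account alongside a match in the console run points to the store and identity difference described in item 2 and in the error's "probable cause" text, separately from the missing PIN prompt.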