My company has provided me with a code signing certificate on a smart card whose private key is protectedÃÂ with a pin and is not exportable.ÃÂ I can use "signtool" to sign the assembly with the smart card cert and I can "Sign the ClickOnce manifests" with the smart card cert as well.ÃÂ In both cases, there is a straightforward option to choose a store certificate (the smart card cert is loaded into my personal store upon card insertion).ÃÂ I am prompted for my pin when performing either action and the signing completes successfully.
Creating a strong name using the smart card cert seems to be a different story.ÃÂ I can use
ÃÂ ÃÂ ÃÂ ÃÂ sn -c [my smart card CSP]
which I know is effective because the key container name (blank in my case...is that a problem?) and the unique key container (a GUID) can be used as such
ÃÂ ÃÂ ÃÂ ÃÂ sn -pc "[GUID or blank]
and the error is "Failed to extract public key from key pair -- Key does not exist."
I said "effective" above because if I switch to my smart card CSP and then pass "sn -pc" something besides empty quotes or the correct GUID, I get the error "Failed to extract public key from key pair -- Keyset does not exist."ÃÂ Notice the difference is "Key does not exist" vs. "Keyset<
View Complete Post