hello everyone,
I have a problem. I 'm not able to get my private key.
The smart key model is acsr30

this is a code for key access:
Security.addProvider(new JCAPIProvider());
String cspName = "Cryptographic Service Provider";
String fileName = "C://WINDOWS//system32//usbr30.dll";
JCAPIUtil.addPKCS11CSP(cspName, fileName);
JCAPIProperties.setLogging(true);
KeyStore ks = KeyStore.getInstance("msks","JCAPI");
char[] pin="MYPIN".toCharArray();
ks.load(null, pin);

Why this program doesn't get the private key into my smart key?

Hi,

You cannot access the private key stored on your hardware token as you do:

char[] pin="MYPIN".toCharArray();

ks.load(null, pin);

Calling ks.load(null, pin) will just initialise/load the key store as defined in the JCE standard.

A good start to know how to access the private key is by examining and running our test program ExportPrivateKey.java that is stored in the default examples directory: C:\JCAPI\examples

When you want to access the private key directly, then you have to access/address it through its alias name. If you don't know the alias of your key, then you have to enumerate it from the JCAPI key store.
Here's an example of a test program that will print out the alias of all key entries (certificate and its associated private key) that can be found on a hardware token accessed through PKCS#11:

import java.security.*;

import com.pheox.jcapi.*;



public class HWAlias

{

    public static void main(String[] args)

    {

        try {

            Security.addProvider(new JCAPIProvider());

            String cspName = "Cryptographic Service Provider";

            String fileName = "C:/WINDOWS/system32/usbr30.dll";

            JCAPIUtil.addPKCS11CSP(cspName, fileName); 



            KeyStore ks = KeyStore.getInstance("msks", "JCAPI");

            ks.load(null, null);

            System.out.println("Aliases of key entries stored on HW token:");

            for(java.util.Enumeration e = ks.aliases(); e.hasMoreElements(); )

            {

                String alias = (String)e.nextElement();

                if(ks.isKeyEntry(alias))

                    {

                        JCAPIRSAPrivateKey key = (JCAPIRSAPrivateKey)ks.getKey(alias, null);

                        if(JCAPIUtil.isPKCS11PrivateKey(key))

                            System.out.println(alias);

                    }

            }

        } catch(Throwable t) {

            System.err.println("Example program failed.");

            t.printStackTrace();

        }

    }

}

If the above example fails in some way, then please include your stack trace and/or your issues in your reply.

Once you have gotten your required alias, you can get its private key instance through KeyStore.getKey(String, String) (as shown above) and use it for decryption (the Cipher class) and creation of signatures (the Signature class) and more. A good starting point here is by studying the simple example files EncryptDecrypt1.java and CreateVerifySignature.java located in the examples directory as well.

Regards,
Tommy

Thank you tommy for you response.

I had run a test program ExportPrivateKey.java, and I have gotten the same results as that ones of your sample code.

this is the result :

Aliases of key entries stored on HW token:
Example program failed.
com.pheox.jcapi.JCAPIJNIRuntimeException: Exception raised in JCAPI.DLL:
JCAPIUtil_isPKCS11PrivateKey() - Could not acquire a key container handle.
at com.pheox.jcapi.CoreUtilJNI.isPKCS11PrivateKey(Native Method)
at com.pheox.jcapi.f.a(Unknown Source)
at com.pheox.jcapi.JCAPIUtil.isPKCS11PrivateKey(Unknown Source)
at HWalias.main(HWalias.java:26)

Thanks in advance

Hi,

It seems like your given Cryptographic Service Provider (CSP) cannot be found. According to your source code, you used the string "Cryptographic Service Provider" as your CSP. I'm a bit sceptical that your CSP is correct. Usually the CSP vendors uses a unique name for their CSP e.g. "FTSafe ePass2000 RSA Cryptographic Service Provider".
Please note that the CSP name is associated with the MS CAPI driver for your hardware token, meaning that you can only use our PKCS#11 layer for your HW token if you have already installed the MS CAPI driver for that token, meaning that you cannot use a PKCS#11 DLL only.

Please verify the following:
1. You have installed the MS CAPI driver(s) for your HW token.
2. Can you use your HW token and access its certificates and keys through any other programs?
3. When you have plugged in your HW token to your computer, can you then see the certificate (associated with your private key) in the Personal store in Internet Explorer (Tools->Internet Options->Content->Certificates)?
4. Can you access your certificate stored on your HW token without adding your PKCS#11 DLL driver i.e can you recognise/find your certificate when we list all certificates from the Personal store in the example below (this example will also display the CSP name for each found certificate)?

import java.security.*;

import com.pheox.jcapi.*;

 

public class ListCertsCSP

{

    public static void main(String[] args)

    {

        try {

            Security.addProvider(new JCAPIProvider());

 

            KeyStore ks = KeyStore.getInstance("msks", "JCAPI");

            ks.load(null, null);

            JCAPIProperties.getInstance().setMSCertStoreNames(new String[]{"MY"});

            for(java.util.Enumeration e = ks.aliases(); e.hasMoreElements(); )

                {

                    String alias = (String)e.nextElement();

                    System.out.println("Alias: " + alias);

                    System.out.println("CSP: " + JCAPIUtil.getCSP(alias));

                    System.out.println("Certificate:\n" + ks.getCertificate(alias));

                    System.out.println("\n**************************************************\n");

                }

        } catch(Throwable t) {

            System.err.println("Example program failed.");

            t.printStackTrace();

        }

    }

}

Also, can you please provide the following:
1. The output from calling method JCAPIUtil.getEnvironmentInfo().
2. What's the name/model of your HW token? Who is the vendor and manufacturer? Where can we get one (Web site, address etc)?

Regards,
Tommy

You 're right , my provider name is SysGillo Cryptographic Service Provider.

1)I haven't ms capi for Advanced Card Systems acr30.Do you know where I could find this driver?
2)Yes, I use that in Internet Explorer.
3) Yes, I can .
4) Can you explain me how to do this test because I can't understand how do it.


2)my smart key reader model is acr30 http://www.acs.com.hk/
Advanced Card Systems.

1)this is output of JCAPIUtil.getEnvironmentInfo().
-------------- Environment info start --------------
JCAPI version: 1.1.2.0
JCAPI DLL version: 1.1.2.0

Certificate/system stores:
MY

Using cert entry store: ADDRESSBOOK
Using key entry store: My
Using intermediate cert store: CA
Using root cert store: Root
Using untrusted cert store: null

Available CSPs:
CardOS_CSP
Gemplus GemSAFE Card CSP v1.0
Infineon SICRYPT Base Smart Card CSP
Microsoft Base Cryptographic Provider v1.0
Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
Microsoft Base DSS Cryptographic Provider
Microsoft DH SChannel Cryptographic Provider
Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
Microsoft Exchange Cryptographic Provider v1.0
Microsoft RSA SChannel Cryptographic Provider
Microsoft Strong Cryptographic Provider
Schlumberger Cryptographic Service Provider
SysGillo Cryptographic Service Provider

Using CSP: SysGillo Cryptographic Service Provider

Supported PKCS#11 CSPs:
FTSafe ePass2000 RSA Cryptographic Service Provider
eToken Base Cryptographic Provider
SmartTrust Cryptographic Service Provider
SI_CSP
SafeSign CSP Version 1.0
AR Base Cryptographic Provider
Athena ASECard Crypto CSP


User added PKCS#11 CSPs:
Schlumberger Cryptographic Service Provider

Loaded JCAPI plugins:
JCAPI SSL 5 Plugin, version 1.1.1.0
JCAPI Certificate Factory Plugin, version 1.0.1.0

Registered JCE providers: SUN, version 1.6
SunRsaSign, version 1.5
SunJSSE, version 1.6
SunJCE, version 1.6
SunJGSS, version 1.0
SunSASL, version 1.5
XMLDSig, version 1.0
SunPCSC, version 1.6
SunMSCAPI, version 1.6
JCAPI, version 1.12

java.version: 1.6.0
java.vendor: Sun Microsystems Inc.
java.vm.version: 1.6.0-b105
java.vm.vendor: Sun Microsystems Inc.
os.name: Windows XP
os.arch: x86
os.version: 5.1
java.library.path: C:\Programmi\Java\jdk1.6.0\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Perl\bin\;C:\oracle\ora81\bin;C:\Programmi\Oracle\jre\1.1.7\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programmi\ZipGenius 6\;C:\Programmi;C:\Programmi\Blat240\full;C:\Programmi\WinHTTrack;C:\j2sdk1.4.2_11\bin;C:\Programmi\QuickTime\QTSystem\
-------------- Environment info end --------------

Hello,

Thank you for your information.

Ok, since you can access your certificate (stored on your smart card) through Internet Explorer, it looks like you have installed the required MS CAPI driver for your CSP.

4) Can you explain me how to do this test because I can't understand how do it.

Just compile and run the test. The test program will list all certificates found in your MY store a.k.a the Personal store. All certificates located in the MY store usually has an associated private key. If you can find your certificate (stored on your smart card) in the output generated by the test program (look for your certificate's issuer- & subject DN), then it means that:
1. You have installed your CSP's CAPI driver.
2. JCAPI can access your certificate but not its private key.
3. The problem you have is probably caused by JCAPI not being able to access the key container in which your private key(s) reside.
4. JCAPI will display the correct CSP for you certificate. Hopefully it will display "SysGillo Cryptographic Service Provider".

The best way to solve your problem is through actual hardware. We've found a vendor for the ACR30 reader, but more importantly, we need:
1. A similar, or identical, card as yours which can be handled by the SysGillo CSP.
2. The SysGillo CSP MS CAPI driver (EXE file).
3. The SysGillo PKCS#11 driver (DLL file).
4. A certificate management tool for your smart card since we need to install a cert chain and private key into the smart card for testing purpose.

Where can we get the above mentioned items? If you have a spare card to do without, then please send it to us if possible (including the drivers).

Regards,
Tommy

Thanks a lot for you help!
You have been very kind helping us.

If you want, I can send you the exe file, dll file and Sysgillo but I can't send you my sim card because I have got only one sim.

The output for a program, for sim data is

SMART CARD
TYPE NAME .................... GSM SIM Card


ICC STATE
ATR STRING ................... 3B FF 18 00 FF 81 31 FE 55 00 6B 02 09 02 00 01 01 01 43 4E 53 10 31 80 9F
ICC PRESENCE ................. 2
ICC INTERFACE STATUS ......... 255
ICC TYPE PER ATR ............. 1
CURRENT IO STATE ............. < no info >

PROTOCOL
DEFAULT DATA RATE ............ 9600
MAX DATA RATE ................ 9600
ASYNC PROTOCOL TYPES ......... 65539
DEFAULT CLK .................. 3680
MAX CLK ...................... 3680
MAX IFSD ..................... 248
SYNC PROTOCOL TYPES .......... < no info >

IFD PROTOCOL
CURRENT PROTOCOL TYPE ........ 2
CURRENT CLK .................. 3680
CURRENT F .................... 372
CURRENT D .................... 12
CURRENT N .................... 255
CURRENT W .................... 0
CURRENT IFSC ................. 254
CURRENT IFSD ................. 248
CURRENT BWT .................. 5
CURRENT CWT .................. 5
CURRENT EBC ENCODING ......... 0
EXTENDED BWT ................. < no info >

Thanks in advance,

Hi,

Sorry, but we need to know at least the model ID of your card so we can get an identical card from a vendor. The ACR30 reader supports a vast amount of cards, so we really need to get the same as you got.

Where have you gotten your card from?

Regards,
Tommy

I don't have a sim reader so I can't read the sim id.
I can do all the test you need for you. Tell me how to do the test and the programs and I can cut and paste the output code to you.

Ok, I can try put together a diagnostic tool that operates towards the CAPI layer for you.
But first, I would like you to run the HWAlias test program that I put in a previous post, but replace the name of the PKCS#11 file "C:/WINDOWS/system32/usbr30.dll" to the correct PKCS#11 DLL file supplied by your CSP i.e SysGillo. As far as I know, the usbr30.dll file is a device driver file for your acr30 reader and not a PKCS#11 file.

When you have found the correct PKCS#11 file, then you can also check your token through the example file ShowPKCS11Info.java that is located in the examples directory (don't forget to add your PKCS#11 provider into that program).

Regards,
Tommy

When I try to add pkcs11 provider in HWAlias , I receive this error

Example program failed.
java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
at HWalias.main(HWalias.java:11)
Caused by: java.io.IOException: Impossibile trovare la procedura specificata.

at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:141)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:154)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:281)
... 2 more

"Impossible to found a procedure" I think this driver is not compatible with standard pkcs11.

this is my code:
public class HWalias
{

public static void main(String[] args)
{
try {
String configName = "C://usb_token.cfg";
sun.security.pkcs11.SunPKCS11 p =new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
Security.addProvider(new JCAPIProvider());
String cspName = "SysGillo Cryptographic Service Provider";
String fileName = "C:/WINDOWS/system32/usbr30.dll";
JCAPIUtil.addPKCS11CSP(cspName, fileName);

KeyStore ks = KeyStore.getInstance("msks", "JCAPI");
ks.load(null, null);
System.out.println("Aliases of key entries stored on HW token:");
for(java.util.Enumeration e = ks.aliases(); e.hasMoreElements(); )
{
String alias = (String)e.nextElement();
if(ks.isKeyEntry(alias))
{
JCAPIRSAPrivateKey key = (JCAPIRSAPrivateKey)ks.getKey(alias, null);
if(JCAPIUtil.isPKCS11PrivateKey(key))
System.out.println(alias);
}
}
} catch(Throwable t) {
System.err.println("Example program failed.");
t.printStackTrace();
}
}
}

these are my alias and csp:
-------------------------------------------------------------------

Alias: MY|5UL8PHWAXaPog6PmjSh+Npeg4SM=
CSP: CardOS_CSP

**************************************************

Alias: MY|qk07+osnbqQLlM3GR7txP9M+ZKA=
CSP: CardOS_CSP

**************************************************

Alias: MY|jcmXFAHrDJ0+9KoCbzJoTCZyN5Y=
CSP: CardOS_CSP

**************************************************

Alias: MY|gUlGSLYP52pKba4IBdtMnZbI+l0=
CSP: CardOS_CSP

**************************************************

Alias: MY|X+b4UGREbOGIS96P2ScfOw8CJS0=
CSP: CardOS_CSP

**************************************************

Alias: MY|Ou/w6n6D3GyRoWROzg/uDg/X7oI=
CSP: SysGillo Cryptographic Service Provider

**************************************************

Alias: MY|LAJ5kfQEIMzeb5h0n4XyNaWwDGk=
CSP: CardOS_CSP

**************************************************

Alias: MY|F4uD2dj7GrPZ+13eLt3guZqO0oI=
CSP: SysGillo Cryptographic Service Provider

**************************************************

Alias: MY|DKwk6QyVkiPGNxeFwg0NdVPePi8=
CSP: SysGillo Cryptographic Service Provider

**************************************************

Alias: MY|AhP5uoI6cz6/BMbFhCH1FcYXpjs=
CSP: SysGillo Cryptographic Service Provider

**************************************************

CARD_OS is the csp of another token(that works right).

Do you have any idea?
Regards,
Marco

Hello,

"Impossible to found a procedure" I think this driver is not compatible with standard pkcs11.

As I mentioned in my previous post, do not use usbr30.dll as your PKCS#11 file since it's most certainly meant for your card reader.

I've created a small diagnostic tool which hopefully can give some more info about your problem.
Please do the following:
1. Download and unzip CheckCSP.zip
2. Insert your card into your reader.
3. Execute CheckCSP.exe
4. Send us the output generated by the program.

Thanks.

Regards,
Tommy

Thank you very much
Here is the output of your program, let me know if you got any idea.


D:\SmartCard\CheckCSP>CheckCSP.exe
Open system store 'My'.
Ok, found CSP 'SysGillo Cryptographic Service Provider'.
Now, check if there exists any certificates managed by the CSP.
Start searching for certificates in system store.
Found a certificate.
JCAPI alias = My|F4uD2dj7GrPZ+13eLt3guZqO0oI=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\5c4b2e09-1b6a-48ef-978a-7c5e3ee3bcba
Try to acquire context.
Acquire context succeeded.
Found a certificate.
JCAPI alias = My|DKwk6QyVkiPGNxeFwg0NdVPePi8=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\DS0
Try to acquire context.
Acquire context succeeded.
End searching for certificates in system store.
Close system store 'My'.


Regards,
Marco

Hi,

Thanks for the info.

I'm a bit confused here since the CheckCSP.exe reports 2 found certificates (with private keys) that are managed by the SysGillo CSP, while you earlier reported 4 certificates found. The CheckCSP.exe do basically the same thing as the JCAPI test program (hmm, it might be the fact you have certificates in the MY store without any private keys associated with them).

Well, we'll do a final test.
Please download and execute the extended CheckCSP.zip file below.
Do also compile and run the following Java program and send us the output generated by both programs (make sure that you have your smart card inserted during the tests):

import java.security.*;

import java.security.interfaces.RSAPrivateKey;

import java.security.cert.X509Certificate;

import com.pheox.jcapi.*;





public class TestSignature

{

    public static void main(String[] args)

    {

        try {

            Security.addProvider(new JCAPIProvider());



            KeyStore ks = KeyStore.getInstance("msks", "JCAPI");

            ks.load(null, null);



            String alias = "MY|Ou/w6n6D3GyRoWROzg/uDg/X7oI=";

            System.out.println("Test signing with alias: " + alias);

            testSign(ks, alias);



            alias = "MY|F4uD2dj7GrPZ+13eLt3guZqO0oI=";

            System.out.println("Test signing with alias: " + alias);

            testSign(ks, alias);



            alias = "MY|DKwk6QyVkiPGNxeFwg0NdVPePi8=";

            System.out.println("Test signing with alias: " + alias);

            testSign(ks, alias);



            alias = "MY|AhP5uoI6cz6/BMbFhCH1FcYXpjs=";

            System.out.println("Test signing with alias: " + alias);

            testSign(ks, alias);



            System.out.println("Test done!.");

        } catch(Throwable t) {

            System.err.println("Example program failed.");

            t.printStackTrace();

        }

    }



    static void testSign(KeyStore ks, String alias)

    {

        try {

            System.out.println("Get certificate.");

            X509Certificate cert = (X509Certificate)ks.getCertificate(alias);

            if(cert == null)

                throw new Exception("No cert found.");

            System.out.println("Alias is a key entry: " + ks.isKeyEntry(alias));

            System.out.println("Get private key.");

            RSAPrivateKey privateKey = (RSAPrivateKey)ks.getKey(alias, null);

            if(privateKey == null)

                throw new Exception("No private key found.");

            System.out.println("Create signature.");

            byte[] data = {1,2,3,4,5};

            Signature s = Signature.getInstance("SHA1withRSA", "JCAPI");

            s.initSign(privateKey);

            s.update(data);

            s.sign();

            System.out.println("Signature was successfully created.");

        } catch(Throwable t) {

            t.printStackTrace();

        }

    }

}

Note: please do also download and install the latest version of JCAPI (v1.2.0).

Regards,
Tommy

Thank you for your help.

I'm a bit confused here since the CheckCSP.exe reports 2 found certificates (with private keys) that are managed by the SysGillo CSP, while you earlier reported 4 certificates found. The CheckCSP.exe do basically the same thing as the JCAPI test program (hmm, it might be the fact you have certificates in the MY store without any private keys associated with them).

You have seen 2 certificates because the first test have been done in another pc(sorry for that),
In this pc,I have imported certificates from 2 smart keys and 2 tokens for test.
I'm very interested for jcapi library, and I would like to known about to pay it, and the licence.

This is java test's result:

Test signing with alias: MY|Ou/w6n6D3GyRoWROzg/uDg/X7oI=
Get certificate.
Alias is a key entry: true
Get private key.
Create signature.
Signature was successfully created.
Test signing with alias: MY|F4uD2dj7GrPZ+13eLt3guZqO0oI=
Get certificate.
Alias is a key entry: true
Get private key.
Create signature.
Signature was successfully created.
Test signing with alias: MY|DKwk6QyVkiPGNxeFwg0NdVPePi8=
Get certificate.
Alias is a key entry: true
Get private key.
Create signature.
Signature was successfully created.
Test signing with alias: MY|AhP5uoI6cz6/BMbFhCH1FcYXpjs=
Get certificate.
Alias is a key entry: true
Get private key.
Create signature.
Test done!.
java.security.SignatureException: Exception raised in JCAPI.DLL:
JCAPISignature_sign() - Could not calculate required signature buffer size.
at com.pheox.jcapi.h.b(Unknown Source)
at com.pheox.jcapi.l.engineSign(Unknown Source)
at java.security.Signature$Delegate.engineSign(Signature.java:112
at java.security.Signature.sign(Signature.java:522)
at TestSignature.testSign(TestSignature.java:5
at TestSignature.main(TestSignature.java:30)






It gives an error because this alias is not on this smart key, but it is strange that
for alias MY|AhP5uoI6cz6/BMbFhCH1FcYXpjs= the program asks me 2 times the pin.





This is the program's result:

C:\CheckCSP_2>CheckCSP.exe
Open system store 'My'.
Ok, found CSP 'SysGillo Cryptographic Service Provider'.
Now, check if there exists any certificates managed by the CSP.
Start searching for certificates in system store.
Found a certificate.
JCAPI alias = My|Ou/w6n6D3GyRoWROzg/uDg/X7oI=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\DS0
******** Key prov info ********
Container: \\.\ACS USB 0\DS0
Container len: 17
Provider: SysGillo Cryptographic Service Provider
Provider len: 39
ProvType: 1
Flags: 0
ProvParam: 0
KeySpec: 2
*******************************
Try to acquire context.
Acquire context succeeded.
Test creating a signature.
Time to sign the hash. This will require a private key and will this show a PIN dialog.
Signature successfully created.
Found a certificate.
JCAPI alias = My|F4uD2dj7GrPZ+13eLt3guZqO0oI=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\5c4b2e09-1b6a-48ef-978a-7c5e3ee3bcba
******** Key prov info ********
Container: \\.\ACS USB 0\5c4b2e09-1b6a-48ef-978a-7c5e3ee3bcba
Container len: 50
Provider: SysGillo Cryptographic Service Provider
Provider len: 39
ProvType: 1
Flags: 0
ProvParam: 0
KeySpec: 2
*******************************
Try to acquire context.
Acquire context succeeded.
Test creating a signature.
Time to sign the hash. This will require a private key and will this show a PIN dialog.
Signature successfully created.
Found a certificate.
JCAPI alias = My|DKwk6QyVkiPGNxeFwg0NdVPePi8=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\DS0
******** Key prov info ********
Container: \\.\ACS USB 0\DS0
Container len: 17
Provider: SysGillo Cryptographic Service Provider
Provider len: 39
ProvType: 1
Flags: 0
ProvParam: 0
KeySpec: 2
*******************************
Try to acquire context.
Acquire context succeeded.
Test creating a signature.
Time to sign the hash. This will require a private key and will this show a PIN dialog.
Signature successfully created.
Found a certificate.
JCAPI alias = My|AhP5uoI6cz6/BMbFhCH1FcYXpjs=
The found certificate has an RSA private key used for decryption.
Key container: \\.\ACS USB 0\b77fe5de-41c5-4317-9619-ac7a65a4c1ef
******** Key prov info ********
Container: \\.\ACS USB 0\b77fe5de-41c5-4317-9619-ac7a65a4c1ef
Container len: 50
Provider: SysGillo Cryptographic Service Provider
Provider len: 39
ProvType: 1
Flags: 0
ProvParam: 0
KeySpec: 2
*******************************
Try to acquire context.
Acquire context succeeded.
Test creating a signature.
Error code: 2148532266
Error msg: (null)
Could not use AT_SIGNATURE when calculating signature buffer size. Try AT_KEYEXCHANGE instead.
Error code: 2148532266
Error msg: (null)
Could not use AT_KEYEXCHANGE when calculating signature buffer size.
End searching for certificates in system store.
Close system store 'My'.



Regards,
Marco