We worked a lot in the past months on NCryptoki to find the best way to integrate PKCS#11 tokens in a web page (aspx, php, jsp, etc.). Till now we proposed the Java Applet approach based on JCryptoki and JQuery script to embedded the JCryptoki classes in the web page. Such a Java approach works as expected by has some not nice-to-have security issues that: 1) give a bad user experience; 2) are higly dependent on the JRE installed on the client side. So we searched for a better way. We ported the entire NCryptoki package to Silverlight 5 and we have created a Silverlight user control that exports the NCryptoki classes to the JavaScript world. This approach seems more robust and very nice respect to the user exeprience and doesn't give strong security issues.

You can see a demo (PKCS#11 dump) on my blog: http://www.ugochirico.com/post/2013/10/18/Call-PKCS11-from-Silverlight.aspx

We are happy to announce the new version 1.6.0.1 of NCryptoki.

Such a new version has been moved to .NET Framework 4.0 and doesn't have any C++ Managed Extension dll any more.

Release Notes:

- Moved to .NET Framework 4.0
- Unique version for 32 and 64 bit (compiled for AnyCPU)
- Added several mechanism parameters
- Removed dependency from NCryptokiMngd.dll
- Added support for Mono

We just released the beta version of NCryptoki for .NET framework 4.x.

Try it in your application and let us know your response.

After the latest release of NCryptoki and NDigitSign, we defined the new roadmap.

We were still working on Silverlight version but we had several stops to fulfill several urgent customers requests about NCryptoki and NDigitSign. One of the latest requests was related to a way to use/call a PKCS#11 token/HSM from a web page without using SIlverlight.

A smart solution that works on any browser, on any platform, is by using a JQuery Plugin that can be embedded in any web page and that supply a PKCS#11 interface to JavaScript.

We worked a lot on that and now we are happy to announce that we are ready to release the first PKCS#11 JQuery Plugin that allows to use a PKCS#11 token in any web page.

We are now finishing the documentation and In the next days we'll publish the first release.

One of our customers asked an interesting questions:- "Is it possible to export a private key using NCryptoki?"

The answer is yes if, and only if, the private key is extractable (some tokens may not allow to extract a private key).
Below there is a snippet to export a private key:

 // Searchs for an RSA private key object
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
            
// Launchs the search specifying the template just created
CryptokiCollection objects = session.Objects.Find(template, 1);

if(objects.count == 0)
{
     // PRIVATE KEY NOT FOUND
     return false;
}

// takes the first object as key
RSAPrivateKey privateKey = (RSAPrivateKey)objects[0];

// check if extractable
if(!privateKey.Extractable)
{
    // NOT EXTRACTABLE    
    return false;
}

// Extract modulus and private exponent
byte[] modulus = privateKey.Modulus;
byte[] privateExponent = privateKey.PrivateExponent;