Discuss this help topic in SecureBlackbox Forum

Import certificate to cryptographic token

Cryptographic tokens in SecureBlackbox are accessed through the TElPKCS11CertStorage component. Importing a certificate to a hardware device is no different from adding it to any other certificate storage in SecureBlackbox: it is performed by the Add() method. While you can use the standard two-parameter Add() variant, TElPKCS11CertStorage adds an overload that gives you better control over the procedure.

Before calling Add(), ensure that your storage object is active and that a read-write session has been established to it.

    certStorage.Add(0, cert, true, false);

The first parameter, SessionIndex, specifies the index of the session in which the certificate should be added. In most cases only one session is involved, so SessionIndex is typically set to 0.

The second parameter specifies the certificate to be imported. It should reference a properly initialized certificate object (either loaded from somewhere or freshly generated).

The third parameter specifies whether the private key should be copied to the token. This is only possible if the certificate held in the cert object has an associated private key in explicit form (an array of bytes).

The last parameter specifies whether the private key should be marked as exportable (that is, whether it can be exported from the token in the future). Note that most hardware tokens do not allow private keys to be imported as exportable.
