EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS #11 support for Windows Mobile

#5737
Posted: 04/04/2008 08:15:22
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

Hello,

we're currently using the SecureBlackbox .NET edition for evaluation purposes in our company, and are very happy with the PKCS #11 support for Desktop applications. But unfortunately, it looks like all the PKCS #11 namespaces aren't included in the assemblies for Windows Mobile (.NET CF).

We do have a mobile smartcard and a PKCS #11 driver for Windows Mobile 5.0, and would like to use your framework there, too. Is this possible?

Best regards,
Mathias
#5738
Posted: 04/04/2008 08:31:32
by Eugene Mayevski (EldoS Corp.)

The reason why PKCS#11 support is absent is because .NET (and .NET CF) requires an unmanaged proxy DLL which loads the PKCS#11 module and marshals requests between .NET and the driver.

This PKCS#11 module was built using Delphi and it can't be compiled for PocketPC.

It's possible that we will be able to use FreePascal for compiling this module, which would result in a Windows Mobile version of this proxy DLL. But I can't say when we will be able to do this, as there's too much important work that our developers are busy with at the moment.

I've added the task to the ToDo list for now.


Sincerely yours
Eugene Mayevski
#5745
Posted: 04/07/2008 02:53:43
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

Thanks for your quick answer.

Too bad, I guess your PKCS #11 classes would've been the best solution for our project. Now we have to find an alternative.

We've also got a CSP DLL for Windows Mobile. Can we use your .NET library to read out certificates and sign data using the CSP interface?

Best regards,
Mathias
#5751
Posted: 04/07/2008 08:26:46
by Eugene Mayevski (EldoS Corp.)

The CSP DLL maps the hardware certificates to Windows certificate storage, accessible via CryptoAPI. You can use the ElWinCertStorage class on both desktop and Windows Mobile to access and use such mapped certificates.

There are no alternatives for us other than bringing the proxy DLL to Windows Mobile, so this will be done. However, I can't give any estimates.


Sincerely yours
Eugene Mayevski
#5754
Posted: 04/07/2008 09:14:01
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

Yes, it works nicely! :)

We can use the mapped certificates to sign data on Windows Mobile.

Thank you very much,
Mathias
#5762
Posted: 04/08/2008 04:33:19
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

After some experimentation, I encountered another problem regarding PKCS #7 signatures.

When I create an enveloped signature everything is alright. The resultant signature can be verified by the SignedCms class of the .NET Framework and OPENLiMiT SignCubes.

A detached signature can't be verified by either, though. SignedCms doesn't set the "Detached" property to true and SignCubes claims there's no signature at all. Of course, it works with TElMessageVerifier, but it would be nice if we could have some interoperability.

Best regards,
Mathias
#5763
Posted: 04/08/2008 04:59:14
by Ken Ivanov (EldoS Corp.)

What component did you use to create the signature? Was it TElMessageSigner?
#5764
Posted: 04/08/2008 05:02:10
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

Yes, TElMessageSigner.
#5796
Posted: 04/09/2008 07:59:59
by Mathias L. (Basic support level)
Joined: 04/04/2008
Posts: 13

So, is there anything I or you can do to fix the signature problem?

We rely on detached PKCS #7 signatures, but if they can't be verified by tools other than SecureBlackbox, they're rather useless for our project. :(

Best regards,
Mathias
#5799
Posted: 04/09/2008 08:05:52
by Eugene Mayevski (EldoS Corp.)

Are you sure that you are using SignedCMS right?


Sincerely yours
Eugene Mayevski
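
For reference on the detached-signature question above, this is how the .NET SignedCms class verifies a detached PKCS #7 signature: the original content is passed to the constructor with detached set to true before Decode is called. This is an added example, not code from the thread or from SecureBlackbox; the VerifyDetached helper, the certificate name and the sample data are constructed for illustration, and it assumes a runtime that provides CertificateRequest and System.Security.Cryptography.Pkcs.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedCmsDemo
{
    // Hypothetical helper: a detached signature blob does not carry the signed
    // bytes, so the verifier must supply them and declare the CMS as detached.
    static bool VerifyDetached(byte[] content, byte[] signature)
    {
        var cms = new SignedCms(new ContentInfo(content), true); // detached: true
        try
        {
            cms.Decode(signature);
            // true = check the signature only. The test certificate below is
            // self-signed; pass false to also validate the signer's chain.
            cms.CheckSignature(true);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }

    static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("constructed sample document");
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Constructed Test Signer", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(1)))
            {
                // Produce a detached signature: content is hashed but not embedded.
                var signed = new SignedCms(new ContentInfo(data), true);
                signed.ComputeSignature(new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly });
                byte[] sig = signed.Encode();

                byte[] tampered = Encoding.UTF8.GetBytes("constructed sample document!");
                Console.WriteLine("original content verifies: " + VerifyDetached(data, sig));
                Console.WriteLine("tampered content verifies: " + VerifyDetached(tampered, sig));
            }
        }
    }
}
```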
