EldoS | Feel safer!

Software components for data protection, secure storage and transfer

sign PDF

#6134
Posted: 05/06/2008 07:51:09
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hello, can you help me please with LoadKeyFromStream?

I want to sign a PDF file using Pascal/Delphi and CAPICOM.

pdfCert : TElX509Certificate;
capicom .... xCert.Export(CAPICOM_ENCODE_BASE64) -> stream
pdfCert.LoadFromStream( stream )

seems to be good, cert is loaded, properties are filled, but has no private key.
As I have read in help, I should load priv.key :

xCert.PrivateKey -> stream [practically there is something like this: 9ae11de2f225784b08997ec8b2ce4ffa_01289cc4-3bee-44da-be1b-d182e0b58d12]

using : pdfCert.LoadKeyFromStream(stream);
-> error : 'Invalid secret key'.

so I try to use :
pdfCert.LoadKeyFromStreamMS(stream)
but :
pdfCert.PrivateKeyExists - still false :(
and trying to close pdf document : error : No signing certificate found

thank you,
slava jansta
#6137
Posted: 05/06/2008 10:10:23
by Ken Ivanov (EldoS Corp.)

The value you've pasted (9ae11de2f225784b08997ec8b2ce4ffa_01289cc4-3bee-44da-be1b-d182e0b58d12) is likely to be a kind of key identifier, not the key itself. You need to extract the actual key using CAPICOM and then pass that key to the LoadKeyFromStream method.
#6139
Posted: 05/06/2008 10:23:09
by Eugene Mayevski (EldoS Corp.)

Why use CAPICOM at all? SecureBlackbox provides all that CAPICOM can give and much more in its basic PKIBlackbox package (which is included with PDFBlackbox package).


Sincerely yours
Eugene Mayevski
#6156
Posted: 05/07/2008 06:47:04
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Eugene Mayevski wrote:
Why use CAPICOM at all? SecureBlackbox provides all that CAPICOM can give and much more in its basic PKIBlackbox package (which is included with PDFBlackbox package).


I do not want to use any ElCustomCertStorage class...
in our project there are certificates and other things used for another kind of operations, and some interface is implemented.

So I think I have to use
LoadFromStream and then LoadKeyFromStreamMS, and the problem is how to create the MS blob using CryptoAPI or CAPICOM.

It seems I need to use CryptExportKey to create the MS BLOB, but I don't understand the first parameter phKey. How do I obtain it?
I have certificate as TElX509Certificate
I can have the certificate as PCCERT_CONTEXT.


------------
slava jansta
#6157
Posted: 05/07/2008 07:01:22
by Ken Ivanov (EldoS Corp.)

In general, you should perform the following steps:
1) acquire context for the private key using CryptAcquireContext function,
2) obtain a key handle using CryptGetUserKey function,
3) export the key using CryptExportKey method.

However, such an approach is not desirable, as it does not allow the use of non-exportable private keys. So we strictly recommend accessing certificates stored in the system with PKIBlackbox.
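
The three steps listed in the post above, written out in Delphi as an added example (not code from EldoS or from any poster in this thread). The unit name, the `Check` helper, and the container, provider, provider type and key spec parameters are assumptions: the caller has to supply the values that belong to the certificate's key. A non-exportable key fails at `CryptExportKey` with `NTE_BAD_KEY_STATE`, which is the limitation the post describes.

```delphi
unit KeyBlobExport; // hypothetical unit name, added example
interface
uses Windows, SysUtils, Classes;
const
  PROV_RSA_FULL = 1; AT_KEYEXCHANGE = 1; AT_SIGNATURE = 2; // wincrypt.h values
// Container, Provider, ProvType and KeySpec are inputs this example assumes the
// caller already has (for example from the certificate's key provider information).
procedure ExportPrivateKeyBlob(const Container, Provider: WideString;
  ProvType, KeySpec: DWORD; Dest: TStream);
implementation
const
  PRIVATEKEYBLOB = 7;
  NTE_BAD_KEY_STATE = DWORD($8009000B); // key was created without CRYPT_EXPORTABLE
// CryptoAPI imports declared locally so no third-party header unit is needed
function CryptAcquireContextW(out hProv: THandle; Container, Provider: PWideChar; ProvType, Flags: DWORD): BOOL; stdcall; external 'advapi32.dll';
function CryptGetUserKey(hProv: THandle; KeySpec: DWORD; out hKey: THandle): BOOL; stdcall; external 'advapi32.dll';
function CryptExportKey(hKey, hExpKey: THandle; BlobType, Flags: DWORD; Data: PByte; var DataLen: DWORD): BOOL; stdcall; external 'advapi32.dll';
function CryptDestroyKey(hKey: THandle): BOOL; stdcall; external 'advapi32.dll';
function CryptReleaseContext(hProv: THandle; Flags: DWORD): BOOL; stdcall; external 'advapi32.dll';
procedure Check(Ok: BOOL); // hypothetical helper: turn a failed call into an exception
begin
  if Ok then Exit;
  if GetLastError = NTE_BAD_KEY_STATE then
    raise Exception.Create('Private key is non-exportable and cannot leave the CSP');
  RaiseLastOSError;
end;
procedure ExportPrivateKeyBlob(const Container, Provider: WideString;
  ProvType, KeySpec: DWORD; Dest: TStream);
var hProv, hKey: THandle; Len: DWORD; Buf: array of Byte;
begin
  Check(CryptAcquireContextW(hProv, PWideChar(Container), PWideChar(Provider),
    ProvType, 0));                                                     // step 1
  try
    Check(CryptGetUserKey(hProv, KeySpec, hKey));                      // step 2
    try
      Len := 0;
      Check(CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, nil, Len));     // query size
      SetLength(Buf, Len);
      Check(CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, @Buf[0], Len)); // step 3
      Dest.WriteBuffer(Buf[0], Len);
    finally
      if Length(Buf) > 0 then FillChar(Buf[0], Length(Buf), 0); // wipe local copy
      CryptDestroyKey(hKey);
    end;
  finally
    CryptReleaseContext(hProv, 0);
  end;
end;
end.
```

The stream written here holds the private key in the clear, so it should stay in memory and be released as soon as the key has been loaded.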
#6161
Posted: 05/07/2008 07:48:11
by Eugene Mayevski (EldoS Corp.)

Please also note that we don't provide support for CryptoAPI or CAPICOM.


Sincerely yours
Eugene Mayevski
#6163
Posted: 05/07/2008 09:02:09
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Eugene Mayevski wrote:
Please also note that we don't provide support for CryptoAPI or CAPICOM.


yes, I know it, but I want to buy your product after testing it that it works with my project, and you can help me with the test to make business :),

thank you,
slava
#6164
Posted: 05/07/2008 09:25:58
by Eugene Mayevski (EldoS Corp.)

JFYI: you can export the certificate via Internet Explorer settings or via the MMC snap-in to a PFX file, and use the PFX file. This will give you a certificate with which you can test our components.

But, as Innokentiy pointed out, if the private key is not exportable, your only option will be to use ElWinCertStorage to access and use this certificate. This is the way CryptoAPI works.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.