Create And issue Certificate Request
#6705
Posted: 06/23/2008 04:23:59
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

Hi, I created a certificate request with the TElCertificateRequest class, but when I want to sign it with a CA certificate with SecureBlackbox, I get this error: "Private key not found".
I am sure that the private key exists in the CA certificate; the privateKeyExist property is true and it is exportable.
Also, I loaded the CA certificate from a PFX file and then tried to issue the certificate request, but I got the error again.

I used the TElX509Certificate class and the Generate function.

Please help me, how can I fix my problem?
#6706
Posted: 06/23/2008 04:28:14
by Eugene Mayevski (EldoS Corp.)

Please show the exact code piece.


Sincerely yours
Eugene Mayevski
#6708
Posted: 06/23/2008 04:38:39
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

int Algorithm = 0;
int Hash = 0;

// Build the request subject: six RDN components, all tagged PrintableString
FRequest = new TElCertificateRequest(null);
FRequest.Subject.Count = 6;
for (int i = 0; i <= 5; i++)
    FRequest.Subject.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);

FRequest.Subject.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
FRequest.Subject.set_Values(0, SBUtils.Unit.BytesOfString(textBoxC.Text));

FRequest.Subject.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_STATE_OR_PROVINCE);
FRequest.Subject.set_Values(1, SBUtils.Unit.BytesOfString(textBoxS.Text));

FRequest.Subject.set_OIDs(2, SBUtils.Unit.SB_CERT_OID_LOCALITY);
FRequest.Subject.set_Values(2, SBUtils.Unit.BytesOfString(textBoxL.Text));

FRequest.Subject.set_OIDs(3, SBUtils.Unit.SB_CERT_OID_ORGANIZATION);
FRequest.Subject.set_Values(3, SBUtils.Unit.BytesOfString(textBoxO.Text));

FRequest.Subject.set_OIDs(4, SBUtils.Unit.SB_CERT_OID_ORGANIZATION_UNIT);
FRequest.Subject.set_Values(4, SBUtils.Unit.BytesOfString(textBoxOU.Text));

FRequest.Subject.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
FRequest.Subject.set_Values(5, SBUtils.Unit.BytesOfString(textBoxCAName.Text));

// Pick the public key algorithm that matches the selected signature algorithm
Hash = GetPublicKeyAndHashAlgorithm();

if (Hash == SBUtils.Unit.SB_CERT_ALGORITHM_ID_DSA_SHA1)
{
    Algorithm = SBUtils.Unit.SB_CERT_ALGORITHM_ID_DSA;
}
else
{
    Algorithm = SBUtils.Unit.SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION;
}

// Generate the key pair and the request on a worker thread so the UI stays responsive
this.Cursor = Cursors.WaitCursor;
buttonBack.Enabled = false;
buttonNext.Enabled = false;
buttonEnd.Enabled = false;
RequestGenerator gen = new RequestGenerator(FRequest, Algorithm, GetKeyLength(), Hash);
panel1.Visible = true;

try
{
    ThreadStart ts = new ThreadStart(gen.Execute);
    StartProgressbar();
    GenThread = new Thread(ts);
    GenThread.Start();
    progressBar1.Visible = true;

    panel1.BringToFront();
    do
    {
        UpdateProgressbar();
        if (!GenThread.IsAlive) break;
    } while (!GenThread.Join(200));
    StopProgressbar();
}
finally
{
    //Generating = false;
    GenThread = null;
}
this.Cursor = Cursors.Default;
buttonBack.Enabled = true;
buttonEnd.Enabled = true;
FRequest = gen.Request;

// Load the CA certificate (with its private key) from a PFX file
TElX509Certificate CACert = new TElX509Certificate();

FileStream fs = new FileStream("c:\\rsa caWithKey.pfx", FileMode.Open);
CACert.LoadFromStreamPFX(fs, "reza", 0);
fs.Close();

Certificate certClass = new Certificate();
// certClass.getCACert() returns the certificate's binary data from the database

CACert.LoadFromBufferPEM(certClass.getCACert(), "");

// Get the CA certificate's index in the Windows ROOT store
TElWinCertStorage WinStorage = new TElWinCertStorage();
WinStorage.SystemStores.Add("ROOT");
int CAcertIndex = WinStorage.IndexOf(CACert);

// Replace the CACert object loaded above with the copy held in the Windows store
CACert = WinStorage.get_Certificates(CAcertIndex);

// Create a new TElX509Certificate object to issue the request and generate the certificate
TElX509Certificate Cert = new TElX509Certificate(null);
Cert.Generate(FRequest, CACert);
#6710
Posted: 06/23/2008 05:02:41
by Eugene Mayevski (EldoS Corp.)

The certificates in ROOT storage in Windows usually don't have a private key.

I'd suggest that you comment out all calls to CACert.LoadFrom**** and keep only the "CACert = " part, then check if the certificate has the private key after doing this assignment.


Sincerely yours
Eugene Mayevski
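The precondition Eugene describes, shown end to end as an added example that is not code from the thread, from EldoS or from SecureBlackbox: it uses Go's standard crypto/x509 package rather than the SecureBlackbox API, and the names Issuer, NewRootCA, NewRequest, FromStore, Issue and ErrNoPrivateKey are my own. It builds a CA key pair and self-signed CA certificate, creates a PKCS#10 request, issues a leaf certificate from it, and then shows that a copy of the CA certificate parsed back from its DER bytes, which is what a trust store hands back, carries no private key and therefore cannot issue anything; the issuer function checks for that before it checks the request's own signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Issuer pairs a CA certificate with its private key. A certificate read back from
// a trust store (Windows ROOT, a PEM file, a database blob) has Key == nil.
type Issuer struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// ErrNoPrivateKey plays the role of the thread's "Private key not found" error.
var ErrNoPrivateKey = errors.New("issuer certificate has no private key")

// NewRootCA generates a key pair and a self-signed CA certificate carrying the
// CA=true basic constraint and the keyCertSign usage an issuer must have.
func NewRootCA(name pkix.Name) (*Issuer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               name,
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().AddDate(5, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Issuer{Cert: cert, Key: key}, nil
}

// NewRequest generates the requester's key pair and a DER-encoded PKCS#10 request.
func NewRequest(name pkix.Name) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: name}, key)
	return csr, key, err
}

// FromStore models reloading the CA certificate from a trust store: certificate bytes only, no key.
func FromStore(ca *Issuer) (*Issuer, error) {
	cert, err := x509.ParseCertificate(ca.Cert.Raw)
	return &Issuer{Cert: cert}, err
}

// Issue signs an end-entity certificate for csrDER. It fails early when the issuer
// has no key, rejects a request whose proof-of-possession signature is bad, and takes
// only the subject and public key from the request; validity and usages are the CA's call.
func (ca *Issuer) Issue(csrDER []byte, validity time.Duration) (*x509.Certificate, error) {
	if ca.Key == nil {
		return nil, ErrNoPrivateKey
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, fmt.Errorf("parse request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("request signature: %w", err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               csr.Subject,
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(validity),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true, // IsCA stays false: the leaf may not issue
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Two points carry over to any library: the object that signs must be the one that was loaded together with its key (here the Issuer returned by NewRootCA, in the thread the certificate loaded from the PFX), not a copy fetched back from a store; and the issuing certificate must be flagged as a CA with keyCertSign, because Go's verifier, like other X.509 validators, refuses to chain through an issuer that lacks those bits.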
#6711
Posted: 06/23/2008 05:08:08
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

I am sure the private key exists, because I save the private key to a file before the Generate function and the private key is saved to the file, so I am sure the private key exists.
#6712
Posted: 06/23/2008 05:10:43
by Eugene Mayevski (EldoS Corp.)

Please check as I described. Was it you who added the certificate to the ROOT storage?


Sincerely yours
Eugene Mayevski
#6721
Posted: 06/24/2008 01:10:10
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

I checked another solution but I got the same error.

I created a certificate with the Generate function, then I tried to issue the certificate request with it. You can see my new solution below:


// Create a CA certificate first
int SignatureAlgorithm = 0;
Cert = new TElX509Certificate(null);
Cert.SubjectRDN.Count = 6;
// r is assumed to be a System.Random instance declared elsewhere in the form
Cert.SerialNumber = SBUtils.Unit.BytesOfString(r.Next(int.MaxValue).ToString());
Cert.UseUTF8 = true;

for (int i = 0; i <= 5; i++)
    Cert.SubjectRDN.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);

Cert.SubjectRDN.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
Cert.SubjectRDN.set_Values(0, SBUtils.Unit.BytesOfString(textBoxC.Text));

Cert.SubjectRDN.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_STATE_OR_PROVINCE);
Cert.SubjectRDN.set_Values(1, SBUtils.Unit.BytesOfString(textBoxS.Text));

Cert.SubjectRDN.set_OIDs(2, SBUtils.Unit.SB_CERT_OID_LOCALITY);
Cert.SubjectRDN.set_Values(2, SBUtils.Unit.BytesOfString(textBoxL.Text));

Cert.SubjectRDN.set_OIDs(3, SBUtils.Unit.SB_CERT_OID_ORGANIZATION);
Cert.SubjectRDN.set_Values(3, SBUtils.Unit.BytesOfString(textBoxO.Text));

Cert.SubjectRDN.set_OIDs(4, SBUtils.Unit.SB_CERT_OID_ORGANIZATION_UNIT);
Cert.SubjectRDN.set_Values(4, SBUtils.Unit.BytesOfString(textBoxOU.Text));

Cert.SubjectRDN.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
Cert.SubjectRDN.set_Values(5, SBUtils.Unit.BytesOfString(textBoxCAName.Text));

// Validity period; the combo box text is Persian for "year" / "month", otherwise days.
// All times are taken in UTC so ValidFrom and ValidTo use the same clock.
Cert.ValidFrom = DateTime.UtcNow;
if (comboBoxValidityType.Text == "سال")        // "year"
    Cert.ValidTo = DateTime.UtcNow.AddYears(int.Parse(textBoxValidity.Text));
else if (comboBoxValidityType.Text == "ماه")   // "month"
    Cert.ValidTo = DateTime.UtcNow.AddMonths(int.Parse(textBoxValidity.Text));
else
    Cert.ValidTo = DateTime.UtcNow.AddDays(int.Parse(textBoxValidity.Text));

// Self-sign: issuer RDN is the same as the subject RDN
SignatureAlgorithm = GetPublicKeyAndHashAlgorithm();
Cert.CAAvailable = false;
Cert.IssuerRDN.Count = 6;

for (int i = 0; i <= 5; i++)
    Cert.IssuerRDN.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);

Cert.IssuerRDN.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
Cert.IssuerRDN.set_Values(0, SBUtils.Unit.BytesOfString(textBoxC.Text));

Cert.IssuerRDN.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_STATE_OR_PROVINCE);
Cert.IssuerRDN.set_Values(1, SBUtils.Unit.BytesOfString(textBoxS.Text));

Cert.IssuerRDN.set_OIDs(2, SBUtils.Unit.SB_CERT_OID_LOCALITY);
Cert.IssuerRDN.set_Values(2, SBUtils.Unit.BytesOfString(textBoxL.Text));

Cert.IssuerRDN.set_OIDs(3, SBUtils.Unit.SB_CERT_OID_ORGANIZATION);
Cert.IssuerRDN.set_Values(3, SBUtils.Unit.BytesOfString(textBoxO.Text));

Cert.IssuerRDN.set_OIDs(4, SBUtils.Unit.SB_CERT_OID_ORGANIZATION_UNIT);
Cert.IssuerRDN.set_Values(4, SBUtils.Unit.BytesOfString(textBoxOU.Text));

Cert.IssuerRDN.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
Cert.IssuerRDN.set_Values(5, SBUtils.Unit.BytesOfString(textBoxCAName.Text));

// Key usage extension
Cert.Extensions.KeyUsage.Critical = true;
Cert.Extensions.KeyUsage.CRLSign = true;
Cert.Extensions.KeyUsage.DataEncipherment = true;
Cert.Extensions.KeyUsage.DigitalSignature = true;
Cert.Extensions.KeyUsage.KeyAgreement = true;
Cert.Extensions.KeyUsage.KeyCertSign = true;

// Generate the CA key pair and certificate on a worker thread
this.Cursor = Cursors.WaitCursor;
CertificateGenerator cgen = null;
cgen = new CertificateGenerator(null, Cert, SignatureAlgorithm, GetKeyLength() / 32);
ThreadStart ts = new ThreadStart(cgen.Execute);

panel1.Visible = true;
panel1.BringToFront();

StartProgressbar();

GenThread = new Thread(ts);
GenThread.Start();

progressBar1.Visible = true;
do
{
    UpdateProgressbar();
    if (!GenThread.IsAlive) break;
} while (!GenThread.Join(200));
StopProgressbar();

this.Cursor = Cursors.Default;
certClass = new Certificate();
WinStorage = new TElWinCertStorage();
try
{
    WinStorage.SystemStores.Add("ROOT");
    Cert = cgen.Cert;
    WinStorage.Add(Cert, true);

    //test

    // Save the private key to a file
    FileStream fs = new FileStream("c:\\privateKey.txt", FileMode.Create);
    Cert.SaveKeyToStreamPEM(fs, "1234");
    fs.Close();

    int Algorithm = 0;
    int Hash = 0;

    // Build the certificate request subject
    TElCertificateRequest FRequest = new TElCertificateRequest();
    FRequest.Subject.Count = 6;
    for (int i = 0; i <= 5; i++)
        FRequest.Subject.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);

    FRequest.Subject.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
    FRequest.Subject.set_Values(0, SBUtils.Unit.BytesOfString(textBoxC.Text));

    FRequest.Subject.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_STATE_OR_PROVINCE);
    FRequest.Subject.set_Values(1, SBUtils.Unit.BytesOfString(textBoxS.Text));

    FRequest.Subject.set_OIDs(2, SBUtils.Unit.SB_CERT_OID_LOCALITY);
    FRequest.Subject.set_Values(2, SBUtils.Unit.BytesOfString(textBoxL.Text));

    FRequest.Subject.set_OIDs(3, SBUtils.Unit.SB_CERT_OID_ORGANIZATION);
    FRequest.Subject.set_Values(3, SBUtils.Unit.BytesOfString(textBoxO.Text));

    FRequest.Subject.set_OIDs(4, SBUtils.Unit.SB_CERT_OID_ORGANIZATION_UNIT);
    FRequest.Subject.set_Values(4, SBUtils.Unit.BytesOfString(textBoxOU.Text));

    FRequest.Subject.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
    FRequest.Subject.set_Values(5, SBUtils.Unit.BytesOfString(textBoxCAName.Text));

    Hash = GetPublicKeyAndHashAlgorithm();

    if (Hash == SBUtils.Unit.SB_CERT_ALGORITHM_ID_DSA_SHA1)
    {
        Algorithm = SBUtils.Unit.SB_CERT_ALGORITHM_ID_DSA;
    }
    else
    {
        Algorithm = SBUtils.Unit.SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION;
    }

    // Generate the request key pair on a worker thread
    this.Cursor = Cursors.WaitCursor;
    buttonBack.Enabled = false;
    buttonNext.Enabled = false;
    buttonEnd.Enabled = false;
    RequestGenerator gen = new RequestGenerator(FRequest, Algorithm, GetKeyLength(), Hash);
    panel1.Visible = true;

    try
    {
        ThreadStart ts1 = new ThreadStart(gen.Execute);
        StartProgressbar();
        GenThread = new Thread(ts1);
        GenThread.Start();
        progressBar1.Visible = true;

        panel1.BringToFront();
        do
        {
            UpdateProgressbar();
            if (!GenThread.IsAlive) break;
        } while (!GenThread.Join(200));
        StopProgressbar();
    }
    finally
    {
        //Generating = false;
        GenThread = null;
    }
    this.Cursor = Cursors.Default;
    buttonBack.Enabled = true;
    buttonEnd.Enabled = true;
    FRequest = gen.Request;

    // Issue the certificate request; Cert is the CA certificate generated above
    TElX509Certificate Cert2 = new TElX509Certificate(null);
    Cert2.Generate(FRequest, Cert);

    //end test
#6725
Posted: 06/24/2008 04:42:23
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

Eugene Mayevski, please help me.
#6729
Posted: 06/24/2008 07:01:49
by Eugene Mayevski (EldoS Corp.)

1) Have you solved the initial problem with the private key?
2) What you are doing is completely wrong. You seem to miss the basic ideas of what certificates are and how they must be used properly. Please read the articles in our knowledgebase.


Sincerely yours
Eugene Mayevski
#6780
Posted: 06/28/2008 04:02:25
by reza Goki (Standard support level)
Joined: 02/25/2008
Posts: 30

No, I could not solve it.
I know what certificates are; I wrote this solution only to test the private key problem, but I got the same error again. It means that this problem doesn't have any relation to the Windows storage or the ROOT storage in Windows.
I think that issuing a certificate request in SecureBlackbox has a problem, doesn't it?