EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How can I change Hash Algorithm name's in certificate?

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 10/26/2008 02:38:07
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

We have two VPNs in our organization that they works on OpenSSL protocol, under our organization rules we must use one pair dynamic algorithm for hashing and encryption. We want to generate certificate with our CA (this CA made by SBB tools) that the name of it's Hash and cryptography's algorithm is optional or changeable name when generate certificate.

Certificate is a standard certificate, It has not only standard structure but standard algorithm. It just has changed the name of it's algorithm.

How can I change the name of Hash and Cryptography's Algorithm in certificate?

Posted: 10/27/2008 00:49:48
by Ken Ivanov (EldoS Corp.)

Once the certificate is generated, it is impossible to change any of its properties (neither key algorithm, nor subject/issuer information, nor anything else). If your application needs to be compatible to several software products that support different certificate algorithms, the only choice is to generate several certificates containing keys of different algorithms.
Posted: 10/27/2008 01:44:28
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks, But I mean is that How can I change algorithm name (Hash or Cryptography) during I generate certificate?

Posted: 10/27/2008 02:20:25
by Ken Ivanov (EldoS Corp.)

You pass public key and signature algorithms to the Generate() method.
Posted: 10/27/2008 02:23:05
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks indeed,
Is this passing parameter include non-standard algorithm name?
Posted: 10/27/2008 06:06:42
by Ken Ivanov (EldoS Corp.)

What exactly do you mean by "non-standard"?

Generate() supports the following public key and signature algorithms:

Posted: 11/01/2008 06:23:32
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

I mean by "non-standard" is my algorithm name (for both case, hash and cryptography).

Suppose you I want to use ABCD cryptography algorithm module when I use my certificate (that generate with SBB tools) on OpenSSL protocol and this algorithm is not famous algorithm, this algorithm defined by me.

Posted: 11/01/2008 07:36:11
by Ken Ivanov (EldoS Corp.)

In order to make TElX509Certificate support your custom algorithm, you obviously need to extend SBB with it. TElX509Certificate needs to know at least the OID of the algorithm and the format of corresponding public and secret keys. Without knowing this information, TElX509Certificate is technically unable to generate such certificate.
Posted: 11/02/2008 05:07:22
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

If I have defined OID of the algorithm and extend SBB and then generate certificate, What is represent or display in then Windows certificate manager(for example in Thumbprint algorithm field)? display OID or name?

Posted: 11/03/2008 01:33:41
by Ken Ivanov (EldoS Corp.)

a) Thumbprint algorithm displayed by Windows certificate manager is always SHA1, as it is calculated over the existing certificate,
b) If Windows (==CryptoAPI) knows public key algorithm of your certificate, its name (e.g. "RSA") is displayed. Object identifier is shown otherwise.
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.



Topic viewed 4540 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!