TElX509Certificate from X509Certificate2 object

#8299
Posted: 11/28/2008 03:39:40
by szymon238 szymon238 (Basic support level)
Joined: 11/28/2008
Posts: 2

Hi,

I am developing an app to sign PDFs. I store my cert in a standard .NET X509Certificate2 object and I want to create a TElX509Certificate from it so that I can sign my PDF with your library. What is the fastest way to do that? Casting doesn't work and I can't find the appropriate methods to do that. If I am able to use your component, I will purchase it for the final version of my app. Can you please help me?
#8301
Posted: 11/28/2008 08:48:52
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Please use the following code to perform the conversion from X509Certificate2 to TElX509Certificate:
Code
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using SBX509; // TElX509Certificate lives in the SBX509 namespace of the .NET edition

// The key must be marked exportable when the PFX is loaded; otherwise
// ExportParameters(true) below throws a CryptographicException.
X509Certificate2 cert = new X509Certificate2("C:\\Projects\\SecureBlackbox\\Certificates\\cert.pfx", "password", X509KeyStorageFlags.Exportable);
// cert.PrivateKey is null when the certificate carries no private key, so this
// check also rejects public-only certificates.
if (cert.PrivateKey is RSACryptoServiceProvider)
{
    RSACryptoServiceProvider sp = (RSACryptoServiceProvider)cert.PrivateKey;
    // true = include the private CRT parameters (D, P, Q, DP, DQ, InverseQ)
    RSAParameters pars = sp.ExportParameters(true);
    byte[] buf = null;
    int size = 0;
    // First call with an empty buffer only reports the required size in 'size' ...
    SBRSA.Unit.EncodePrivateKey(pars.Modulus, pars.Exponent, pars.D, pars.P,
                    pars.Q, pars.DP, pars.DQ, pars.InverseQ, ref buf, ref size);
    buf = new byte[size];
    // ... the second call writes the encoded private key into the allocated buffer.
    SBRSA.Unit.EncodePrivateKey(pars.Modulus, pars.Exponent, pars.D, pars.P,
                    pars.Q, pars.DP, pars.DQ, pars.InverseQ, ref buf, ref size);
    TElX509Certificate sbbcert = new TElX509Certificate();
    sbbcert.LoadFromBuffer(cert.RawData);    // DER-encoded certificate body
    sbbcert.LoadKeyFromBuffer(buf, 0, size); // the matching private key
}
else
{
    throw new Exception("Unsupported algorithm");
}

The above code can be used to convert certificates with exportable private keys. We do have plans to implement transparent conversion from any X509Certificate2 object (even with a non-exportable private key) to TElX509Certificate for SBB 7.0, though.
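The conversion above hinges on one detail: .NET's RSAParameters hands out every value as an unsigned big-endian magnitude, while the private-key blob handed to the certificate object is DER, whose INTEGER type is two's complement. The following is an added example (Python, not SecureBlackbox code and not from the original post) that builds the standard PKCS#1 RSAPrivateKey layout (RFC 8017 A.1.2) from such parameters, parses it back, verifies the CRT relations, and shows what goes wrong when a modulus whose top byte is 0x80 or higher is copied in without the leading zero. The RSAParameters class, the toy key (textbook p=61, q=53) and all function names are this example's own constructions, not SecureBlackbox or .NET APIs.

```python
# Added example, not code from EldoS or SecureBlackbox: builds the PKCS#1
# RSAPrivateKey structure (RFC 8017 A.1.2) from .NET-style RSAParameters, parses
# it back and checks the CRT relations. The toy key is constructed (textbook
# p=61, q=53) and far too small for real use; all names are this example's own.
from dataclasses import dataclass
from math import gcd
from typing import List, Tuple


@dataclass
class RSAParameters:
    """Mirror of System.Security.Cryptography.RSAParameters: each field is an
    unsigned big-endian magnitude, as .NET's ExportParameters(true) returns it."""
    Modulus: bytes
    Exponent: bytes
    D: bytes
    P: bytes
    Q: bytes
    DP: bytes
    DQ: bytes
    InverseQ: bytes


def _der_len(n: int) -> bytes:
    """DER definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int_from_unsigned(raw: bytes) -> bytes:
    """DER INTEGER from an unsigned magnitude. DER integers are two's complement,
    so a magnitude whose top bit is set needs a leading 0x00 to stay positive."""
    raw = raw.lstrip(b"\x00") or b"\x00"  # minimal encoding, but never empty
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return b"\x02" + _der_len(len(raw)) + raw


def naive_der_int(raw: bytes) -> bytes:
    """The common bug: copying .NET's magnitude bytes straight into an INTEGER.
    A modulus whose first byte is >= 0x80 then decodes as a negative number."""
    return b"\x02" + _der_len(len(raw)) + raw


def encode_private_key(p: RSAParameters, int_enc=der_int_from_unsigned) -> bytes:
    """RSAPrivateKey ::= SEQUENCE { version 0, n, e, d, p, q, dP, dQ, qInv }."""
    fields = [b"\x00", p.Modulus, p.Exponent, p.D, p.P, p.Q, p.DP, p.DQ, p.InverseQ]
    body = b"".join(int_enc(f) for f in fields)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER tag-length-value at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_private_key(der: bytes) -> List[int]:
    """Parse an RSAPrivateKey blob into [version, n, e, d, p, q, dP, dQ, qInv]."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER inside RSAPrivateKey")
        values.append(int.from_bytes(content, "big", signed=True))  # DER semantics
    if len(values) != 9 or values[0] != 0:
        raise ValueError("not a two-prime version-0 RSAPrivateKey")
    return values


def check_consistency(values: List[int]) -> bool:
    """CRT sanity checks a careful importer runs before trusting a converted key."""
    _, n, e, d, p, q, dp, dq, qinv = values
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (min(values[1:]) > 0 and n == p * q and (e * d) % lam == 1
            and dp == d % (p - 1) and dq == d % (q - 1) and (q * qinv) % p == 1)


# Constructed toy key (p=61, q=53, e=17): chosen only to keep the bytes readable.
TOY_KEY = RSAParameters(
    Modulus=(3233).to_bytes(2, "big"), Exponent=bytes([17]), D=(2753).to_bytes(2, "big"),
    P=bytes([61]), Q=bytes([53]), DP=bytes([53]), DQ=bytes([49]), InverseQ=bytes([38]))

# Constructed magnitudes with the top bit set, to show the sign-bit pitfall.
HIGH_BIT_KEY = RSAParameters(
    Modulus=b"\xff\xff", Exponent=b"\x01", D=b"\x01", P=b"\x01", Q=b"\x01",
    DP=b"\x01", DQ=b"\x01", InverseQ=b"\x01")


def toy_roundtrip_ok() -> bool:
    """Encode the toy key, decode it, and confirm the CRT relations survive."""
    return check_consistency(decode_private_key(encode_private_key(TOY_KEY)))


def modulus_as_decoded(params: RSAParameters, int_enc=der_int_from_unsigned) -> int:
    """Decode the modulus back from the blob; a negative result means the encoder was wrong."""
    return decode_private_key(encode_private_key(params, int_enc))[1]


if __name__ == "__main__":
    blob = encode_private_key(TOY_KEY)
    print(blob.hex())                                       # 301d020100...
    print(decode_private_key(blob))                         # [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
    print(toy_roundtrip_ok())                               # True
    print(modulus_as_decoded(HIGH_BIT_KEY))                 # 65535
    print(modulus_as_decoded(HIGH_BIT_KEY, naive_der_int))  # -1
```

The consistency check matters in the conversion scenario: a key that decodes with a negative modulus, or whose dP/dQ/qInv do not match d, p and q, will either be rejected by the receiving library or, worse, produce signatures that verify nowhere, and it is cheaper to catch that at import time than after documents have been signed with it.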
#10376
Posted: 06/13/2009 01:31:20
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

The code you posted in this thread does not work for smart cards. Which line of code should I change to make it work with a smart card?

Thanks
Thanh
#10377
Posted: 06/13/2009 02:38:36
by Eugene Mayevski (EldoS Corp.)

It won't. You must use the TElCertificate class for all operations.


Sincerely yours
Eugene Mayevski
#10381
Posted: 06/13/2009 06:29:11
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

We are working on a project to build a service to sign documents on the server side. We use SBB 7 under a WCF service, with the signing certificates on a smart card. I would like you to give me a suggestion on how to cache the signing cert and its private key. Currently I use TElWinCertStorage to query the signing cert, pass the cert to a MemoryCertStorage, etc., and these storages are all kept as member variables of a WCF singleton service. The problem is that the SBB signer (XML, PDF or CMS) acquires the private key from the S/C on every signing operation, and this is quite slow for a server-side service.

Best regards,
Thanh
#10382
Posted: 06/13/2009 08:37:48
by Eugene Mayevski (EldoS Corp.)

The certificate data itself is retrieved from the device and copying it is quick. The private key can't leave the device, so the certificate object carries information about location of the private key.

The private key on device is not "acquired" when you use it for signing. What happens is (roughly):
1) SBB component calculates the hash of the data to be signed
2) the component takes the hash and calls PKCS#11 function SignData(hash, private key ID).
3) the device calculates the hash using the private key found by its ID and returns the signed block.

In this scenario there's nothing to cache.


Sincerely yours
Eugene Mayevski
#10383
Posted: 06/13/2009 09:57:43
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Thanks for your explanation! It was also explained to me that the private key cannot leave the device.

Our service will be used to sign a large number of documents, so I think it would be nice if the private key were cached after the first signing; it would save a lot of time and improve the performance of the service.

My service is a singleton WCF service, so I can cache some information during the lifetime of the service. I expect that I can cache the key pairs in a TElX509Certificate, MemoryCertStorage or TElXMLKeyInfoX509Data object. But I am not sure and need some advice from you.

I've tested this: decreasing the time spent reading information from the S/C will improve the performance of the service.

Best & Thanks
Thanh
#10385
Posted: 06/14/2009 05:32:31
by Eugene Mayevski (EldoS Corp.)

We have already found some possibilities for improving the speed of operations by reusing CryptoAPI cryptographic contexts. Now we will need to implement such caching of contexts. This will take some time, so I can't promise that this functionality gets into SecureBlackbox 7.1, but I believe that it won't take us more than 2 months to get the feature released.


Sincerely yours
Eugene Mayevski
#10386
Posted: 06/14/2009 05:48:25
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi Eugene,

Thanks for information. I hope I will have a chance to try the features in the SecureBlackbox 7.1.

Best
Thanh
#12392
Posted: 02/11/2010 08:54:05
by Raphael Andrade (Basic support level)
Joined: 02/11/2010
Posts: 1

Hi,

I am developing an application to sign PDFs. I store my certificate in a Microsoft X509Certificate2 object and needed to convert it into a TElX509Certificate object so that I could sign my PDF files with your library. That conversion I have already found at: http://www.eldos.com/forum/read.php?FID=7&TID=1508

But now I need to convert a TElX509Certificate to an X509Certificate2 for another purpose, because I have applications that retrieve the customer's certificate as a TElX509Certificate and I need an X509Certificate2 to pass to a partner's component so that it can validate the signature. What is the fastest way to do that? Can anybody please help me?

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.