EldoS | Feel safer!

Software components for data protection, secure storage and transfer

trusting of signed pdf ?

#18218
Posted: 11/16/2011 16:25:52
by Marc Meister (Standard support level)
Joined: 08/19/2011
Posts: 10

Quote
Innokentiy Ivanov wrote:
As far as I can see, you are already adding the root certificate by the following line of code (though there is no need to pass True as the second parameter, as there is no need to copy it with a private key):

CertStorage.Add(Cert_RootCA, True) <-- Add CA root certificate

What you [apparently] should do here, is to add an intermediate CA certificate to the CertStorage together with signing and root certificates. I.e. you should load this intermediate certificate from somewhere (system store, file, ...), and add another line of code that will add it to the storage:

CertStorage.Add(Cert_IntermediateCA, False)


Hi Ivanov,

Can you find me the name to access the "Intermediate Certificate Authorities" store in the Windows Certificates Store?

Known names are:
SystemStore.SystemStores.Add("MY")
SystemStore.SystemStores.Add("CA")
SystemStore.SystemStores.Add("ROOT")
What is the "???" for "Intermediate Certificate Authorities", because there
is the intermediate certificate which I must add.

Thanks a lot,
Marc
#18231
Posted: 11/17/2011 08:25:35
by Vsevolod Ievgiienko (EldoS Corp.)

You should use "CA" to access certificates from Intermediate Certificate Authorities store.
#18235
Posted: 11/17/2011 09:33:52
by Marc Meister (Standard support level)
Joined: 08/19/2011
Posts: 10

Hi,

Thanks, my problem is solved.
To access the intermediate certificate, I use "CA" as you said.
SystemStore.SystemStores.Add("CA")

Thanks,
Marc
#37041
Posted: 06/21/2016 09:24:15
by Cilmar Thomé (Standard support level)
Joined: 05/19/2016
Posts: 7

Hi!

In my application, the user chooses which certificate he wants to use, so I don't know its chain. Also, I don't want to display CA and ROOT stores for him.

How do you suggest I should add the intermediate CA certificate to TElPDFPublicKeySecurityHandler.CertStorage? Should I use an additional TElWinCertStorage to load CA system store, then search for the CA certificate that matches the issuer of the chosen certificate? Which is the best information to perform this search? Should I do the same for ROOT?

Thanks,
Cilmar.
#37043
Posted: 06/21/2016 11:14:17
by Ken Ivanov (EldoS Corp.)

Hi Cilmar,

Thank you for contacting us.

Your understanding is generally correct. You can build the chain in the following way:

1. Create a TElWinCertStorage object and add CA and ROOT stores to the SystemStores list.

2. Call your TElWinCertStorage object's GetIssuerCertificate() method in a loop, starting from your user's certificate up until it returns -1, i.e.

Code
TElMemoryCertStorage chain = new TElMemoryCertStorage();

chain.Add(userCert, false);

TElX509Certificate currCert = userCert;
while (true)
{
    int idx = winCertStorage.GetIssuerCertificate(currCert);
    if (idx < 0)
    {
        break;
    }
    currCert = winCertStorage.get_Certificates(idx);
    chain.Add(currCert);
}


Ken
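
The issuer walk from the answer above, modelled in Python as an added example (not part of the original thread and not SecureBlackbox code): it matches an issuer by subject name plus key identifiers and reports an incomplete chain when an intermediate is missing from the pool. The `Cert` class, `find_issuer`, `build_chain` and the sample certificates are constructed for illustration; signature verification is assumed to be done by the library's validator.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (chaining fields only)."""
    subject: str
    issuer: str
    ski: Optional[str] = None   # Subject Key Identifier
    aki: Optional[str] = None   # Authority Key Identifier

    @property
    def self_signed(self) -> bool:
        # Simplification: a real check also verifies the signature.
        return self.subject == self.issuer

def find_issuer(cert, pool):
    """Return the certificate in pool that issued cert, or None."""
    for cand in pool:
        if cand.subject != cert.issuer:
            continue
        # When both identifiers exist they must agree; this separates two
        # CA certificates that share a subject name (e.g. after re-keying).
        if cert.aki and cand.ski and cert.aki != cand.ski:
            continue
        return cand
    return None

def build_chain(leaf, pool, max_depth=10):
    """Walk issuers upward from leaf. Returns (chain, complete)."""
    chain = [leaf]
    cur = leaf
    while not cur.self_signed and len(chain) < max_depth:
        nxt = find_issuer(cur, pool)
        if nxt is None or nxt in chain:   # missing issuer, or a cross-cert loop
            return chain, False
        chain.append(nxt)
        cur = nxt
    return chain, cur.self_signed         # complete only if it ends at a root

# Constructed sample data: two intermediates share a name but not a key.
ROOT = Cert("CN=Example Root", "CN=Example Root", ski="R1", aki="R1")
OLD_CA = Cert("CN=Example Issuing CA", "CN=Example Root", ski="K1", aki="R1")
NEW_CA = Cert("CN=Example Issuing CA", "CN=Example Root", ski="K2", aki="R1")
USER = Cert("CN=Signer", "CN=Example Issuing CA", ski="U1", aki="K2")
```

An incomplete result (`complete` is false) corresponds to the situation in this thread: the signing certificate is present but the intermediate from the "CA" store was never added, so the signature cannot be traced to a trusted root.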
#37045
Posted: 06/21/2016 13:47:36
by Cilmar Thomé (Standard support level)
Joined: 05/19/2016
Posts: 7

Problem solved, Ken, thank you very much.

Here is my approach, a bit optimized, if you allow me:

Code
Cert := My_Storage.Certificates[comboCertificates.ItemIndex];
while Assigned(Cert) do
begin
  Chain.Add(Cert);
  Index := CA_ROOT_Storage.GetIssuerCertificate(Cert);
  if Index < 0 then
    Cert := nil
  else
    Cert := CA_ROOT_Storage.Certificates[Index];
end;



Cilmar.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
