EldoS | Feel safer!

Software components for data protection, secure storage and transfer

setsubject or subjectRDN

#9753
Posted: 04/20/2009 10:14:33
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Hello,
I have noticed that in the samples you prefer to use the subjectRDN property over the SetSubject method when generating a new certificate.
Are these equivalent?
If SubjectRDN should now be used, is there a way to specify the subject email address?

Also, we would like to mention a reference in the certificate (a unique key for the subject that we use internally). Should we create an extension for this reference, or is there a way to add it to the value pairs of the SubjectRdn?

Regards,
Laurent
#9754
Posted: 04/20/2009 13:06:10
by Ken Ivanov (EldoS Corp.)

Setting certificate properties via the SubjectRDN/IssuerRDN properties is more flexible, as it allows you to specify a property of any type (the type is specified via the corresponding OID). However, you can use SetSubject()/SetIssuer() as well if the set of properties they promote is enough for your purposes.

Use the following notation to set the e-mail address using the SubjectRDN property:
Code
  // Pascal
  Cert.SubjectRDN.OIDs[i] := SB_CERT_OID_EMAIL;
  Cert.SubjectRDN.Values[i] := 'alice@wonderland.com';
  Cert.SubjectRDN.Tags[i] := SB_ASN1_PRINTABLESTRING;

  // C#
  Cert.SubjectRDN.set_OIDs(i, SBUtils.Unit.SB_CERT_OID_EMAIL);
  Cert.SubjectRDN.set_Values(i, SBUtils.Unit.BytesOfString("alice@wonderland.com"));
  Cert.SubjectRDN.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);


Quote
Also, we would like to mention a reference in the certificate (a unique key for the subject that we use internally), should we create an extension for this reference or is there a way to add it to the value pairs of the SubjectRdn.

X.509 specification declares a predefined extension type, subject key identifier. Please simply enable this extension, and TElX509Certificate will generate the identifier for you.
#9757
Posted: 04/21/2009 02:44:53
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Thank you,
I got confused because the constant SB_CERT_OID_EMAIL is not listed along with the other possible values in the documentation page for setSubjectRDN.
Thanks again.

Laurent
#9758
Posted: 04/21/2009 02:57:52
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Hello,
Looking at your answer, I was wondering:
What is this line for?
Quote
Cert.SubjectRDN.Tags[i] := SB_ASN1_PRINTABLESTRING;


Thanks
#9759
Posted: 04/21/2009 03:57:03
by Ken Ivanov (EldoS Corp.)

This line specifies the ASN.1 tag id to be used for the property. Actually, this assignment can be omitted for ASCII-encoded properties (such as e-mail address, common name, country etc.). However, it should be used if the encoding of the property value differs from ASCII (SB_ASN1_UTF8STRING or SB_ASN1_UNIVERSALSTRING tag ids should be used for strings encoded in UTF8/UTF16 respectively).
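
What the tag assignment discussed in this thread changes in the encoded certificate, as an added example (not code from the thread or from SecureBlackbox): a standalone Python sketch that DER-encodes one subject attribute and checks the value against the character set of the chosen string type. The function names are assumptions of this example; the OID and tag numbers are the standard PKCS#9 and ASN.1 values.

```python
# Added example: DER-encode one X.509 subject attribute (AttributeTypeAndValue)
# to show what the ASN.1 string tag controls on the wire.
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                "0123456789 '()+,-./:=?")          # PrintableString alphabet
TAG_UTF8, TAG_PRINTABLE, TAG_IA5 = 0x0C, 0x13, 0x16  # universal ASN.1 tags
OID_EMAIL = "1.2.840.113549.1.9.1"                   # PKCS#9 emailAddress

def tlv(tag, content):
    """Tag-length-value with DER definite-length encoding."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # last base-128 digit, no high bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def tag_allows(tag, value):
    """True if every character of value is legal for the string type."""
    if tag == TAG_PRINTABLE:
        return all(c in PRINTABLE for c in value)
    if tag == TAG_IA5:
        return all(ord(c) < 0x80 for c in value)
    return tag == TAG_UTF8

def pick_tag(value):
    """Narrowest of the three string types that can hold value."""
    # '@' is outside the PrintableString alphabet, so an e-mail address
    # ends up as IA5String here.
    return next(t for t in (TAG_PRINTABLE, TAG_IA5, TAG_UTF8)
                if tag_allows(t, value))

def encode_attribute(oid, value, tag=None):
    tag = pick_tag(value) if tag is None else tag
    if not tag_allows(tag, value):
        raise ValueError(f"value not representable with tag 0x{tag:02X}")
    return tlv(0x30, encode_oid(oid) + tlv(tag, value.encode("utf-8")))

if __name__ == "__main__":
    # Constructed sample value, taken from the address used in the thread.
    print(encode_attribute(OID_EMAIL, "alice@wonderland.com").hex())
```
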

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.