setsubject or subjectRDN

#9753
Posted: 04/20/2009 10:14:33
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Hello,
I have noticed that in the samples you prefer to use the subjectRDN property over the SetSubject method when generating a new certificate.
Are these equivalent?
If SubjectRDN should now be used, is there a way to specify the subject email address?

Also, we would like to mention a reference in the certificate (a unique key for the subject that we use internally). Should we create an extension for this reference, or is there a way to add it to the value pairs of the SubjectRDN?

Regards,
Laurent
#9754
Posted: 04/20/2009 13:06:10
by Ken Ivanov (EldoS Corp.)

Setting certificate properties via the SubjectRDN/IssuerRDN properties is more flexible, as it allows you to specify a property of any type (the type is specified via the corresponding OID). However, you can use SetSubject()/SetIssuer() as well if the set of properties they promote is enough for your purposes.

Use the following notation to set the e-mail address using the SubjectRDN property:
Code
  // Pascal
  Cert.SubjectRDN.OIDs[i] := SB_CERT_OID_EMAIL;
  Cert.SubjectRDN.Values[i] := 'alice@wonderland.com';
  Cert.SubjectRDN.Tags[i] := SB_ASN1_PRINTABLESTRING;

  // C#
  Cert.SubjectRDN.set_OIDs(i, SBUtils.Unit.SB_CERT_OID_EMAIL);
  Cert.SubjectRDN.set_Values(i, SBUtils.Unit.BytesOfString("alice@wonderland.com"));
  Cert.SubjectRDN.set_Tags(i, SBASN1Tree.Unit.SB_ASN1_PRINTABLESTRING);


Quote
Also, we would like to mention a reference in the certificate (a unique key for the subject that we use internally). Should we create an extension for this reference, or is there a way to add it to the value pairs of the SubjectRDN?

The X.509 specification declares a predefined extension type, subject key identifier. Please simply enable this extension, and TElX509Certificate will generate the identifier for you.
#9757
Posted: 04/21/2009 02:44:53
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Thank you,
I got confused because the constant SB_CERT_OID_EMAIL is not listed along with the other possible values in the documentation page for setSubjectRDN.
Thanks again.

Laurent
#9758
Posted: 04/21/2009 02:57:52
by Olivier Wallemacq (Basic support level)
Joined: 01/05/2009
Posts: 22

Hello,
Looking at your answer, I was wondering:
What is this line for?
Quote
Cert.SubjectRDN.Tags[i] := SB_ASN1_PRINTABLESTRING;


Thanks
#9759
Posted: 04/21/2009 03:57:03
by Ken Ivanov (EldoS Corp.)

This line specifies the ASN.1 tag id to be used for the property. Actually, this assignment can be omitted for ASCII-encoded properties (such as e-mail address, common name, country etc.). However, it should be used if the encoding of the property value differs from ASCII (SB_ASN1_UTF8STRING or SB_ASN1_UNIVERSALSTRING tag ids should be used for strings encoded in UTF8/UTF16 respectively).
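An added example, not part of the thread and not SecureBlackbox code: a from-scratch Python sketch of how the tag discussed above ends up as the first byte of the value inside a DER-encoded RDN attribute, with a check that the value fits the chosen string type. Function names are hypothetical; the tag numbers and OIDs are the standard ASN.1/X.509 ones, and the e-mail attribute is given the IA5String type that RFC 5280 defines for it, because "@" is outside the PrintableString character set.

```python
# Added example: DER encoding of one X.509 RDN attribute (AttributeTypeAndValue).
# Function names are hypothetical; tag numbers are the ASN.1 universal tags.
import string

TAG_UTF8, TAG_PRINTABLE, TAG_IA5 = 0x0C, 0x13, 0x16
PRINTABLE_CHARS = set(string.ascii_letters + string.digits + " '()+,-./:=?")
OID_EMAIL = "1.2.840.113549.1.9.1"   # PKCS #9 emailAddress
OID_COMMON_NAME = "2.5.4.3"

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, last byte has high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def pick_tag(oid, value):
    if oid == OID_EMAIL:
        return TAG_IA5                       # RFC 5280: emailAddress is an IA5String
    return TAG_PRINTABLE if set(value) <= PRINTABLE_CHARS else TAG_UTF8

def encode_attribute(oid, value, tag=None):
    tag = pick_tag(oid, value) if tag is None else tag
    if tag == TAG_PRINTABLE and not set(value) <= PRINTABLE_CHARS:
        raise ValueError("value has characters outside the PrintableString set")
    if tag == TAG_IA5 and any(ord(c) >= 0x80 for c in value):
        raise ValueError("IA5String is 7-bit only")
    # UTF-8 bytes equal the ASCII bytes for the two 7-bit string types
    return tlv(0x30, der_oid(oid) + tlv(tag, value.encode("utf-8")))

if __name__ == "__main__":
    # Constructed sample values
    print(encode_attribute(OID_EMAIL, "alice@wonderland.com").hex())
    print(encode_attribute(OID_COMMON_NAME, "Zoë").hex())
```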